smack: Fix missing calls to netlbl_skbuff_err()
Paul Moore [Fri, 10 Oct 2008 14:16:31 +0000 (10:16 -0400)]
Smack needs to call netlbl_skbuff_err() to let NetLabel do the necessary
protocol specific error handling.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>

security/smack/smack_lsm.c

index 87d7541..6e2dc0b 100644 (file)
@@ -2179,7 +2179,10 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
         * This is the simplist possible security model
         * for networking.
         */
-       return smk_access(smack, ssp->smk_in, MAY_WRITE);
+       rc = smk_access(smack, ssp->smk_in, MAY_WRITE);
+       if (rc != 0)
+               netlbl_skbuff_err(skb, rc, 0);
+       return rc;
 }
 
 /**