]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blobdiff - security/selinux/netif.c
projects / mirror_ubuntu-zesty-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[NET]: Make device event notification network namespace safe
[mirror_ubuntu-zesty-kernel.git] / security / selinux / netif.c
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index b10c34e8a74344f97afce95012a41ebaf7157242..e87ab948104c05a263163752dbbe173c9403f144 100644 (file)
--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -20,6 +20,7 @@
 #include <linux/notifier.h>
 #include <linux/netdevice.h>
 #include <linux/rcupdate.h>
+#include <net/net_namespace.h>
 
 #include "security.h"
 #include "objsec.h"
@@ -234,6 +235,9 @@ static int sel_netif_netdev_notifier_handler(struct notifier_block *this,
 {
        struct net_device *dev = ptr;
 
+       if (dev->nd_net != &init_net)
+               return NOTIFY_DONE;
+
        if (event == NETDEV_DOWN)
                sel_netif_kill(dev);
 
ubuntu-zesty-kernel mirror