1. Patchew
  2. linux
  3. View series

[PATCH] selinux: use a consistent method to get full socket from skb

Tianjia Zhang posted 1 patch 2 months, 1 week ago 
security/selinux/hooks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] selinux: use a consistent method to get full socket from skb
Posted by Tianjia Zhang 2 months, 1 week ago 
In order to maintain code consistency and readability,
skb_to_full_sk() is used to get full socket from skb.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
---
 security/selinux/hooks.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 595ceb314aeb..362f92b2fafb 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5861,7 +5861,7 @@ static unsigned int selinux_ip_output(void *priv, struct sk_buff *skb,
 	/* we do this in the LOCAL_OUT path and not the POST_ROUTING path
 	 * because we want to make sure we apply the necessary labeling
 	 * before IPsec is applied so we can leverage AH protection */
-	sk = sk_to_full_sk(skb->sk);
+	sk = skb_to_full_sk(skb);
 	if (sk) {
 		struct sk_security_struct *sksec;
 
-- 
2.39.5 (Apple Git-154)
Re: [PATCH] selinux: use a consistent method to get full socket from skb
Posted by Paul Moore 2 months ago 
On Jul 29, 2025 Tianjia Zhang <tianjia.zhang@linux.alibaba.com> wrote:
> 
> In order to maintain code consistency and readability,
> skb_to_full_sk() is used to get full socket from skb.
> 
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> ---
>  security/selinux/hooks.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Merged into selinux/dev-staging with plans to move it to selinux/dev
once the merge window closes.

--
paul-moore.com
Re: [PATCH] selinux: use a consistent method to get full socket from skb
Posted by Paul Moore 1 month, 3 weeks ago 
On Tue, Aug 5, 2025 at 5:26 PM Paul Moore <paul@paul-moore.com> wrote:
> On Jul 29, 2025 Tianjia Zhang <tianjia.zhang@linux.alibaba.com> wrote:
> >
> > In order to maintain code consistency and readability,
> > skb_to_full_sk() is used to get full socket from skb.
> >
> > Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> > Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> > ---
> >  security/selinux/hooks.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
>
> Merged into selinux/dev-staging with plans to move it to selinux/dev
> once the merge window closes.

Now merged into selinux/dev, thanks!

-- 
paul-moore.com
Re: [PATCH] selinux: use a consistent method to get full socket from skb
Posted by Stephen Smalley 2 months, 1 week ago 
On Tue, Jul 29, 2025 at 5:10 AM Tianjia Zhang
<tianjia.zhang@linux.alibaba.com> wrote:
>
> In order to maintain code consistency and readability,
> skb_to_full_sk() is used to get full socket from skb.
>
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>

> ---
>  security/selinux/hooks.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 595ceb314aeb..362f92b2fafb 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -5861,7 +5861,7 @@ static unsigned int selinux_ip_output(void *priv, struct sk_buff *skb,
>         /* we do this in the LOCAL_OUT path and not the POST_ROUTING path
>          * because we want to make sure we apply the necessary labeling
>          * before IPsec is applied so we can leverage AH protection */
> -       sk = sk_to_full_sk(skb->sk);
> +       sk = skb_to_full_sk(skb);
>         if (sk) {
>                 struct sk_security_struct *sksec;
>
> --
> 2.39.5 (Apple Git-154)
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.