Searched hist:"1 f1aaf82825865a50cef0b4722607abb12aeee52" (Results 1 – 1 of 1) sorted by relevance
| /openbmc/linux/security/selinux/ |
| H A D | hooks.c | diff 1f1aaf82825865a50cef0b4722607abb12aeee52 Tue Nov 16 05:52:57 CST 2010 Eric Paris <eparis@redhat.com> SELinux: return -ECONNREFUSED from ip_postroute to signal fatal error
The SELinux netfilter hooks just return NF_DROP if they drop a packet. We
want to signal that a drop in this hook is a permanant fatal error and is not
transient. If we do this the error will be passed back up the stack in some
places and applications will get a faster interaction that something went
wrong.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|