summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/selinux/avc.c2
-rw-r--r--security/selinux/hooks.c4
2 files changed, 3 insertions, 3 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index cb30c7e350b..ed6af12cdf4 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -495,7 +495,7 @@ static inline void avc_print_ipv6_addr(struct audit_buffer *ab,
char *name1, char *name2)
{
if (!ipv6_addr_any(addr))
- audit_log_format(ab, " %s=" NIP6_FMT, name1, NIP6(*addr));
+ audit_log_format(ab, " %s=%pI6", name1, addr);
if (port)
audit_log_format(ab, " %s=%d", name2, ntohs(port));
}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3e3fde7c1d2..aedf02b1345 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4626,7 +4626,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
* as fast and as clean as possible. */
if (selinux_compat_net || !selinux_policycap_netpeer)
return selinux_ip_postroute_compat(skb, ifindex, family);
-
+#ifdef CONFIG_XFRM
/* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec
* packet transformation so allow the packet to pass without any checks
* since we'll have another chance to perform access control checks
@@ -4635,7 +4635,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
* is NULL, in this case go ahead and apply access control. */
if (skb->dst != NULL && skb->dst->xfrm != NULL)
return NF_ACCEPT;
-
+#endif
secmark_active = selinux_secmark_enabled();
peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
if (!secmark_active && !peerlbl_active)