X-Git-Url: https://bbs.cooldavid.org/git/?p=net-next-2.6.git;a=blobdiff_plain;f=security%2Fselinux%2Fhooks.c;h=156ef93d6f7d8030e72b85822f13b597bfeb9736;hp=f590fb8e91430909246213934b17970f827870c7;hb=2fe66ec242d3f76e3b0101f36419e7e5405bcff3;hpb=04f6d70f6e64900a5d70a5fc199dd9d5fa787738

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f590fb8e914..156ef93d6f7 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4524,11 +4524,11 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
 	if (selinux_secmark_enabled())
 		if (avc_has_perm(sksec->sid, skb->secmark,
 				 SECCLASS_PACKET, PACKET__SEND, &ad))
-			return NF_DROP;
+			return NF_DROP_ERR(-ECONNREFUSED);
 
 	if (selinux_policycap_netpeer)
 		if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
-			return NF_DROP;
+			return NF_DROP_ERR(-ECONNREFUSED);
 
 	return NF_ACCEPT;
 }