selinux: properly handle multiple messages in selinux_netlink_send()

Fix the SELinux netlink_send hook to properly handle multiple netlink
messages in a single sk_buff; each message is parsed and subject to
SELinux access control.  Prior to this patch, SELinux only inspected
the first message in the sk_buff.

Reported-by: Dmitry Vyukov <>
Reviewed-by: Stephen Smalley <>
Signed-off-by: Paul Moore <>
1 file changed