On Thu, May 13, 2021 at 4:16 PM Casey Schaufler <ca...@schaufler-ca.com> wrote: > > Change the security_secctx_to_secid interface to use a lsmblob > structure in place of the single u32 secid in support of > module stacking. Change its callers to do the same. > > The security module hook is unchanged, still passing back a secid. > The infrastructure passes the correct entry from the lsmblob. > > Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com> > Cc: net...@vger.kernel.org > Cc: netfilter-de...@vger.kernel.org > To: Pablo Neira Ayuso <pa...@netfilter.org> > --- > include/linux/security.h | 26 ++++++++++++++++++-- > kernel/cred.c | 4 +--- > net/netfilter/nft_meta.c | 10 ++++---- > net/netfilter/xt_SECMARK.c | 7 +++++- > net/netlabel/netlabel_unlabeled.c | 23 +++++++++++------- > security/security.c | 40 ++++++++++++++++++++++++++----- > 6 files changed, 85 insertions(+), 25 deletions(-)
Acked-by: Paul Moore <p...@paul-moore.com> -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit