On Thu, May 13, 2021 at 4:16 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > > Change the security_secctx_to_secid interface to use a lsmblob > structure in place of the single u32 secid in support of > module stacking. Change its callers to do the same. > > The security module hook is unchanged, still passing back a secid. > The infrastructure passes the correct entry from the lsmblob. > > Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> > Cc: netdev@xxxxxxxxxxxxxxx > Cc: netfilter-devel@xxxxxxxxxxxxxxx > To: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> > --- > include/linux/security.h | 26 ++++++++++++++++++-- > kernel/cred.c | 4 +--- > net/netfilter/nft_meta.c | 10 ++++---- > net/netfilter/xt_SECMARK.c | 7 +++++- > net/netlabel/netlabel_unlabeled.c | 23 +++++++++++------- > security/security.c | 40 ++++++++++++++++++++++++++----- > 6 files changed, 85 insertions(+), 25 deletions(-) Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx> -- paul moore www.paul-moore.com
