[PATCH 29/59] NET: Remove scaffolding on new secmarks
Casey Schaufler
casey at schaufler-ca.com
Tue Apr 9 19:18:18 UTC 2019
Replace the lsm_export scaffolding in nft_meta.
Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
---
net/netfilter/nft_meta.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index 598bea8e4799..a1d3dab5bc25 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -580,11 +580,17 @@ static int nft_secmark_compute_secid(struct nft_secmark *priv)
u32 tmp_secid = 0;
int err;
+ lsm_export_init(&le);
err = security_secctx_to_secid(priv->ctx, strlen(priv->ctx), &le);
if (err)
return err;
- lsm_export_secid(&le, &tmp_secid);
+ /* Use the "best" secid */
+ if (le.selinux)
+ tmp_secid = le.selinux;
+ else
+ tmp_secid = le.smack;
+
if (!tmp_secid)
return -ENOENT;
--
2.19.1
More information about the Linux-security-module-archive
mailing list