2606fd1fa5
Right now secmark has lots of direct selinux calls. Use all LSM calls and remove all SELinux specific knowledge. The only SELinux specific knowledge we leave is the mode. The only point is to make sure that other LSMs at least test this generic code before they assume it works. (They may also have to make changes if they do not represent labels as strings) Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Paul Moore <paul.moore@hp.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: James Morris <jmorris@namei.org>
#ifndef _XT_SECMARK_H_target
#define _XT_SECMARK_H_target
#include <linux/types.h>
/*
 * This is intended for use by various security subsystems (but not
 * at the same time).
 *
 * 'mode' refers to the specific security subsystem which the
 * packets are being marked for.
 */
/* Value for xt_secmark_target_info.mode: packets are marked for SELinux. */
#define SECMARK_MODE_SEL 0x01 /* SELinux */
/* Size in bytes of the xt_secmark_target_info.secctx buffer. */
#define SECMARK_SECCTX_MAX 256
/*
 * Parameters of one SECMARK target: which security subsystem the packets
 * are marked for, and the label to apply.
 *
 * NOTE(review): this looks like a layout shared with whoever fills the
 * structure in, so field order and sizes should be treated as fixed --
 * confirm before changing anything here.
 */
struct xt_secmark_target_info {
	/* Security subsystem selector; SECMARK_MODE_SEL is the only value defined here. */
	__u8 mode;
	/*
	 * Numeric security identifier.
	 * NOTE(review): presumably resolved from secctx by the security
	 * subsystem rather than accepted from the structure's producer; a
	 * value arriving pre-filled should not be trusted as a label --
	 * confirm against the target implementation.
	 */
	__u32 secid;
	/*
	 * Security context (label) held in a fixed SECMARK_SECCTX_MAX-byte
	 * buffer.
	 * NOTE(review): there is no length field, so nothing in this header
	 * guarantees NUL termination. Code that reads this as a string should
	 * bound the read to SECMARK_SECCTX_MAX or force a terminator first --
	 * confirm the consumer does so.
	 */
	char secctx[SECMARK_SECCTX_MAX];
};
#endif /*_XT_SECMARK_H_target */