--- v27
+++ v28
@@ -5,6 +5,8 @@
The security module hook is unchanged, still passing back a secid.
The infrastructure passes the correct entry from the lsmblob.
+Acked-by: Paul Moore <paul@paul-moore.com>
+Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: netdev@vger.kernel.org
Cc: netfilter-devel@vger.kernel.org
@@ -19,7 +21,7 @@
6 files changed, 85 insertions(+), 25 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
-index 5c664ba0fbc3..dbb1e5f5b591 100644
+index 332df8a1cd4d..986a8f4bcd54 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -196,6 +196,27 @@ static inline bool lsmblob_equal(struct lsmblob *bloba, struct lsmblob *blobb)
@@ -70,10 +72,10 @@
return -EOPNOTSUPP;
}
diff --git a/kernel/cred.c b/kernel/cred.c
-index ad845c99e2d1..b8e15dd371de 100644
+index ea36ec6e1ad8..38b00a1390f4 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
-@@ -757,14 +757,12 @@ EXPORT_SYMBOL(set_security_override);
+@@ -798,14 +798,12 @@ EXPORT_SYMBOL(set_security_override);
int set_security_override_from_ctx(struct cred *new, const char *secctx)
{
struct lsmblob blob;
@@ -152,7 +154,7 @@
pr_info_ratelimited("unable to map security context \'%s\'\n",
info->secctx);
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
-index 3e6ac9b790b1..dd18b259272f 100644
+index 2483df0bbd7c..c29a8d7a7070 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -882,7 +882,7 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb,
@@ -215,7 +217,7 @@
/**
diff --git a/security/security.c b/security/security.c
-index 5ec929f97963..578c3c6604f0 100644
+index 69474918be8b..1621a28bf9c4 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2193,10 +2193,22 @@ int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
@@ -275,5 +277,5 @@
EXPORT_SYMBOL(security_socket_getpeersec_dgram);
--
-2.29.2
-
+2.31.1
+