git.baikalelectronics.ru Git - kernel.git/commit

author	Eric Paris <eparis@redhat.com>
	Wed, 13 Oct 2010 20:24:54 +0000 (16:24 -0400)
committer	James Morris <jmorris@namei.org>
	Wed, 20 Oct 2010 23:12:51 +0000 (10:12 +1100)
commit	7e67d61b8cc2d4d7fa6acc8c4180a9e683db4050
tree	e5cf71ae9a2c43ca13b1820551df2aebbbd0d757	tree \| snapshot
parent	553a0023876e5632ca284fe2901e34b9f211810e	commit \| diff

conntrack: export lsm context rather than internal secid via netlink

The conntrack code can export the internal secid to userspace.  These are
dynamic, can change on lsm changes, and have no meaning in userspace.  We
should instead be sending lsm contexts to userspace instead.  This patch sends
the secctx (rather than secid) to userspace over the netlink socket.  We use a
new field CTA_SECCTX and stop using the the old CTA_SECMARK field since it did
not send particularly useful information.

Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: James Morris <jmorris@namei.org>

include/linux/netfilter/nfnetlink_conntrack.h		diff \| blob \| history
net/netfilter/nf_conntrack_netlink.c		diff \| blob \| history