| author | Florian Westphal <fw@strlen.de> | 2017-04-21 05:49:09 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2017-06-02 10:27:46 -0400 |
| commit | 8e71bf75efceff07e04e1f8a4b7c0dbff7205949 (patch) | |
| tree | 8d3ac1a5570912e3ebc8f787e0442cb81f6aebc5 /security | |
| parent | 409dcf31538ae6ae96b3a0a1d3211e668bfefe8b (diff) | |
selinux: use pernet operations for hook registration
It will allow us to remove the old netfilter hook api in the near future.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/hooks.c | 24 |
1 files changed, 20 insertions, 4 deletions
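--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6540,6 +6540,23 @@ static struct nf_hook_ops selinux_nf_ops[] = {
 #endif /* IPV6 */
 };
 
+static int __net_init selinux_nf_register(struct net *net)
+{
+return nf_register_net_hooks(net, selinux_nf_ops,
+ARRAY_SIZE(selinux_nf_ops));
+}
+
+static void __net_exit selinux_nf_unregister(struct net *net)
+{
+nf_unregister_net_hooks(net, selinux_nf_ops,
+ARRAY_SIZE(selinux_nf_ops));
+}
+
+static struct pernet_operations selinux_net_ops = {
+.init = selinux_nf_register,
+.exit = selinux_nf_unregister,
+};
+
 static int __init selinux_nf_ip_init(void)
 {
 int err;
@@ -6549,13 +6566,12 @@ static int __init selinux_nf_ip_init(void)
 
 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
 
-err = nf_register_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
+err = register_pernet_subsys(&selinux_net_ops);
 if (err)
-panic("SELinux: nf_register_hooks: error %d\n", err);
+panic("SELinux: register_pernet_subsys: error %d\n", err);
 
 return 0;
 }
-
 __initcall(selinux_nf_ip_init);
 
 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
@@ -6563,7 +6579,7 @@ static void selinux_nf_ip_exit(void)
 {
 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
 
-nf_unregister_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
+unregister_pernet_subsys(&selinux_net_ops);
 }
 #endif
 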
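Review bot: `selinux_nf_register()` needs a comment saying what a non-zero return means, because after this change a hook registration failure is handled in two different ways: `selinux_nf_ip_init()` still panics when `register_pernet_subsys()` fails at boot, while a failure of `nf_register_net_hooks()` for a namespace created later is only returned to the pernet core. I would put `/* Per-netns init: an error here must fail creation of the namespace, so no netns runs without the SELinux netfilter hooks. */` above the function, and confirm that the pernet core really aborts namespace setup on a failing `.init`, since that code is not visible on this page. The "Registering netfilter hooks" debug message is now printed once while registration happens per namespace, so a one-line comment on that in `selinux_nf_ip_init()` would help whoever reads the log; part of that function's body lies between the first two hunks and is not shown.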
