secmark: make secmark object handling generic

Right now secmark has lots of direct selinux calls. Use all LSM calls and remove all SELinux specific knowledge. The only SELinux specific knowledge we leave is the mode. The only point is to make sure that other LSMs at least test this generic code before they assume it works. (They may also have to make changes if they do not represent labels as strings) Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Paul Moore <paul.moore@hp.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: James Morris <jmorris@namei.org>
author: Eric Paris <eparis@redhat.com> 2010-10-13 16:24:41 -0400
committer: James Morris <jmorris@namei.org> 2010-10-20 19:12:48 -0400
commit: 2606fd1fa5710205b23ee859563502aa18362447 (patch)
tree: f79becd7010a2da1a765829fce0e09327cd50531 /include/linux/netfilter
parent: 15714f7b58011cf3948cab2988abea560240c74f (diff)
1 files changed, 3 insertions, 9 deletions
diff --git a/include/linux/netfilter/xt_SECMARK.h b/include/linux/netfilter/xt_SECMARK.h
index 6fcd3448b18..989092bd627 100644
--- a/include/linux/netfilter/xt_SECMARK.h
+++ b/include/linux/netfilter/xt_SECMARK.h
@@ -11,18 +11,12 @@
 * packets are being marked for.
 */
 #define SECMARK_MODE_SEL        0x01            /* SELinux */
-#define SECMARK_SELCTX_MAX      256
+#define SECMARK_SECCTX_MAX      256
-struct xt_secmark_target_selinux_info {
-        __u32 selsid;
-        char selctx[SECMARK_SELCTX_MAX];
-};
 struct xt_secmark_target_info {
        __u8 mode;
-        union {
+        __u32 secid;
-                struct xt_secmark_target_selinux_info sel;
+        char secctx[SECMARK_SECCTX_MAX];
-        } u;
 };
 #endif /*_XT_SECMARK_H_target */
author	Eric Paris <eparis@redhat.com>	2010-10-13 16:24:41 -0400
committer	James Morris <jmorris@namei.org>	2010-10-20 19:12:48 -0400
commit	2606fd1fa5710205b23ee859563502aa18362447 (patch)
tree	f79becd7010a2da1a765829fce0e09327cd50531 /include/linux/netfilter
parent	15714f7b58011cf3948cab2988abea560240c74f (diff)