diff options
author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-10-28 16:24:06 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-10-28 16:24:06 -0400 |
commit | def8b4faff5ca349beafbbfeb2c51f3602a6ef3a (patch) | |
tree | a90fbb0b6ae2a49c507465801f31df77bc5ebf9d /security/selinux/hooks.c | |
parent | b057efd4d226fcc3a92b0dc6d8ea8e8185ecb260 (diff) |
net: reduce structures when XFRM=n
ifdef out
* struct sk_buff::sp (pointer)
* struct dst_entry::xfrm (pointer)
* struct sock::sk_policy (2 pointers)
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3e3fde7c1d2b..aedf02b1345a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -4626,7 +4626,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex, | |||
4626 | * as fast and as clean as possible. */ | 4626 | * as fast and as clean as possible. */ |
4627 | if (selinux_compat_net || !selinux_policycap_netpeer) | 4627 | if (selinux_compat_net || !selinux_policycap_netpeer) |
4628 | return selinux_ip_postroute_compat(skb, ifindex, family); | 4628 | return selinux_ip_postroute_compat(skb, ifindex, family); |
4629 | 4629 | #ifdef CONFIG_XFRM | |
4630 | /* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec | 4630 | /* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec |
4631 | * packet transformation so allow the packet to pass without any checks | 4631 | * packet transformation so allow the packet to pass without any checks |
4632 | * since we'll have another chance to perform access control checks | 4632 | * since we'll have another chance to perform access control checks |
@@ -4635,7 +4635,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex, | |||
4635 | * is NULL, in this case go ahead and apply access control. */ | 4635 | * is NULL, in this case go ahead and apply access control. */ |
4636 | if (skb->dst != NULL && skb->dst->xfrm != NULL) | 4636 | if (skb->dst != NULL && skb->dst->xfrm != NULL) |
4637 | return NF_ACCEPT; | 4637 | return NF_ACCEPT; |
4638 | 4638 | #endif | |
4639 | secmark_active = selinux_secmark_enabled(); | 4639 | secmark_active = selinux_secmark_enabled(); |
4640 | peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled(); | 4640 | peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled(); |
4641 | if (!secmark_active && !peerlbl_active) | 4641 | if (!secmark_active && !peerlbl_active) |