aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux
diff options
context:
space:
mode:
authorAlexey Dobriyan <adobriyan@gmail.com>2008-10-28 16:24:06 -0400
committerDavid S. Miller <davem@davemloft.net>2008-10-28 16:24:06 -0400
commitdef8b4faff5ca349beafbbfeb2c51f3602a6ef3a (patch)
treea90fbb0b6ae2a49c507465801f31df77bc5ebf9d /security/selinux
parentb057efd4d226fcc3a92b0dc6d8ea8e8185ecb260 (diff)
net: reduce structures when XFRM=n
ifdef out * struct sk_buff::sp (pointer) * struct dst_entry::xfrm (pointer) * struct sock::sk_policy (2 pointers) Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/hooks.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3e3fde7c1d2b..aedf02b1345a 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4626,7 +4626,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4626 * as fast and as clean as possible. */ 4626 * as fast and as clean as possible. */
4627 if (selinux_compat_net || !selinux_policycap_netpeer) 4627 if (selinux_compat_net || !selinux_policycap_netpeer)
4628 return selinux_ip_postroute_compat(skb, ifindex, family); 4628 return selinux_ip_postroute_compat(skb, ifindex, family);
4629 4629#ifdef CONFIG_XFRM
4630 /* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec 4630 /* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec
4631 * packet transformation so allow the packet to pass without any checks 4631 * packet transformation so allow the packet to pass without any checks
4632 * since we'll have another chance to perform access control checks 4632 * since we'll have another chance to perform access control checks
@@ -4635,7 +4635,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4635 * is NULL, in this case go ahead and apply access control. */ 4635 * is NULL, in this case go ahead and apply access control. */
4636 if (skb->dst != NULL && skb->dst->xfrm != NULL) 4636 if (skb->dst != NULL && skb->dst->xfrm != NULL)
4637 return NF_ACCEPT; 4637 return NF_ACCEPT;
4638 4638#endif
4639 secmark_active = selinux_secmark_enabled(); 4639 secmark_active = selinux_secmark_enabled();
4640 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled(); 4640 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4641 if (!secmark_active && !peerlbl_active) 4641 if (!secmark_active && !peerlbl_active)