diff options
| author |   Casey Schaufler <casey@schaufler-ca.com> | 2024-07-10 14:32:25 -0700 |
|---|---|---|
| committer |   Paul Moore <paul@paul-moore.com> | 2024-07-29 16:54:50 -0400 |
| commit | 2aff9d20d50ac45dd13a013ef5231f4fb8912356 (patch) | |
| tree | c9fd24e54e311830f16c354d86a1c574ac196bb2 /security/apparmor/include/net.h | |
| parent | Linux 6.11-rc1 (diff) | |
| download | wireguard-linux-2aff9d20d50ac45dd13a013ef5231f4fb8912356.tar.xz wireguard-linux-2aff9d20d50ac45dd13a013ef5231f4fb8912356.zip | |
lsm: infrastructure management of the sock security
Move management of the sock->sk_security blob out
of the individual security modules and into the security
infrastructure. Instead of allocating the blobs from within
the modules the modules tell the infrastructure how much
space is required, and the space is allocated there.
Acked-by: Paul Moore <paul@paul-moore.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[PM: subject tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/apparmor/include/net.h')
| -rw-r--r-- | security/apparmor/include/net.h | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h index 67bf888c3bd6..c42ed8a73f1c 100644 --- a/security/apparmor/include/net.h +++ b/security/apparmor/include/net.h @@ -51,10 +51,9 @@ struct aa_sk_ctx { struct aa_label *peer; }; -#define SK_CTX(X) ((X)->sk_security) static inline struct aa_sk_ctx *aa_sock(const struct sock *sk) { - return sk->sk_security; + return sk->sk_security + apparmor_blob_sizes.lbs_sock; } #define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P) \ |