[PATCH] lsm netfilter hook placement fix

• Previous message: Stephen Smalley: "Re: Stacking Openwall and SELinux?"
• Next in thread: Greg KH: "Re: [PATCH] lsm netfilter hook placement fix"
• Reply: Greg KH: "Re: [PATCH] lsm netfilter hook placement fix"
• Reply: Chris Wright: "Re: [PATCH] lsm netfilter hook placement fix"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The patch below fixes an erroneous value for the first LSM IP hook 
priority, which needs to be derived from the connection tracking priority 
value rather than the first possible value.

If there are no objections, I'll apply this to the 2.4 and 2.5 trees.

- James
-- 
James Morris
<jmorrisat_private>

diff -urN -X dontdiff lsm-2.4/security/lsm_ip_glue.c lsm-2.4-w1/security/lsm_ip_glue.c
--- lsm-2.4/security/lsm_ip_glue.c	Tue Dec 11 13:27:40 2001
+++ lsm-2.4-w1/security/lsm_ip_glue.c	Fri Apr  5 19:34:03 2002
@@ -15,8 +15,8 @@
 #include <linux/netfilter.h>
 #include <linux/netfilter_ipv4.h>
 
-#define NF_IP_PRI_LSM_FIRST (NF_IP_PRI_FIRST + 20)
-#define NF_IP_PRI_LSM_LAST  (NF_IP_PRI_LAST - 20)
+#define NF_IP_PRI_LSM_FIRST	(NF_IP_PRI_CONNTRACK + 5)
+#define NF_IP_PRI_LSM_LAST	-NF_IP_PRI_LSM_FIRST
 
 static unsigned int
 preroute_first(unsigned int hooknum, struct sk_buff **pskb,

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Stephen L. Johnson: "Status of Lomac for LSM"
• Previous message: Stephen Smalley: "Re: Stacking Openwall and SELinux?"
• Next in thread: Greg KH: "Re: [PATCH] lsm netfilter hook placement fix"
• Reply: Greg KH: "Re: [PATCH] lsm netfilter hook placement fix"
• Reply: Chris Wright: "Re: [PATCH] lsm netfilter hook placement fix"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 05 2002 - 02:23:52 PST