aboutsummaryrefslogtreecommitdiff
path: root/net/xfrm
diff options
context:
space:
mode:
authorEugene Syromiatnikov2021-09-12 14:22:34 +0200
committerSteffen Klassert2021-09-14 10:31:35 +0200
commit844f7eaaed9267ae17d33778efe65548cc940205 (patch)
treeeaf192e17d2a8ffab56001de13d31d163bf3664d /net/xfrm
parent3c10ffddc61f8a1a59e29a110ba70b47e679206a (diff)
include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage
Commit 2d151d39073a ("xfrm: Add possibility to set the default to block if we have no policy") broke ABI by changing the value of the XFRM_MSG_MAPPING enum item, thus also evading the build-time check in security/selinux/nlmsgtab.c:selinux_nlmsg_lookup for presence of proper security permission checks in nlmsg_xfrm_perms. Fix it by placing XFRM_MSG_SETDEFAULT/XFRM_MSG_GETDEFAULT to the end of the enum, right before __XFRM_MSG_MAX, and updating the nlmsg_xfrm_perms accordingly. Fixes: 2d151d39073a ("xfrm: Add possibility to set the default to block if we have no policy") References: https://lore.kernel.org/netdev/20210901151402.GA2557@altlinux.org/ Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com> Acked-by: Antony Antony <antony.antony@secunet.com> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/xfrm')
0 files changed, 0 insertions, 0 deletions