LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH] Smack: fix netfilter Makefile entry
@ 2015-01-28 16:12 Arnd Bergmann
  2015-01-28 16:27 ` Casey Schaufler
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Arnd Bergmann @ 2015-01-28 16:12 UTC (permalink / raw)
  To: Casey Schaufler; +Cc: linux-security-module, linux-kernel, linux-arm-kernel

The newly added Smack support for netfilter secmark has its own
Kconfig symbol, but the actual implementation is conditionally
built on another symbol.

It is possible for CONFIG_NETFILTER and SECURITY_SMACK to both
be enabled, but NETWORK_SECMARK to be disabled, in which case
we get a build error:

../security/smack/smack_netfilter.c: In function 'smack_ipv6_output':
../security/smack/smack_netfilter.c:36:6: error: 'struct sk_buff' has no member named 'secmark'
   skb->secmark = skp->smk_secid;
      ^
../security/smack/smack_netfilter.c: In function 'smack_ipv4_output':
../security/smack/smack_netfilter.c:55:6: error: 'struct sk_buff' has no member named 'secmark'
   skb->secmark = skp->smk_secid;
      ^

This changes the Makefile to use the correct Kconfig symbol.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 69f287ae6fc83 ("Smack: secmark support for netfilter")

diff --git a/security/smack/Makefile b/security/smack/Makefile
index 616cf93b368e..d4a376c84050 100644
--- a/security/smack/Makefile
+++ b/security/smack/Makefile
@@ -5,4 +5,4 @@
 obj-$(CONFIG_SECURITY_SMACK) := smack.o
 
 smack-y := smack_lsm.o smack_access.o smackfs.o
-smack-$(CONFIG_NETFILTER) += smack_netfilter.o
+smack-$(SECURITY_SMACK_NETFILTER) += smack_netfilter.o


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] Smack: fix netfilter Makefile entry
  2015-01-28 16:12 [PATCH] Smack: fix netfilter Makefile entry Arnd Bergmann
@ 2015-01-28 16:27 ` Casey Schaufler
  2015-01-28 16:29   ` Arnd Bergmann
  2015-01-28 18:18 ` Sergei Shtylyov
  2015-01-29  0:36 ` Paul Bolle
  2 siblings, 1 reply; 6+ messages in thread
From: Casey Schaufler @ 2015-01-28 16:27 UTC (permalink / raw)
  To: Arnd Bergmann; +Cc: linux-security-module, linux-kernel, linux-arm-kernel

On 1/28/2015 8:12 AM, Arnd Bergmann wrote:
> The newly added Smack support for netfilter secmark has its own
> Kconfig symbol, but the actual implementation is conditionally
> built on another symbol.

A patch for this problem, 82b0b2c2b1e64ad6c5309a9eeba806af9812666b
is already available in:

	git://git.gitorious.org/smack-next/kernel.git smack-for-3.20-rebased

A pull request has sent to James Morris for inclusion in the security tree.

>
> It is possible for CONFIG_NETFILTER and SECURITY_SMACK to both
> be enabled, but NETWORK_SECMARK to be disabled, in which case
> we get a build error:
>
> ../security/smack/smack_netfilter.c: In function 'smack_ipv6_output':
> ../security/smack/smack_netfilter.c:36:6: error: 'struct sk_buff' has no member named 'secmark'
>    skb->secmark = skp->smk_secid;
>       ^
> ../security/smack/smack_netfilter.c: In function 'smack_ipv4_output':
> ../security/smack/smack_netfilter.c:55:6: error: 'struct sk_buff' has no member named 'secmark'
>    skb->secmark = skp->smk_secid;
>       ^
>
> This changes the Makefile to use the correct Kconfig symbol.
>
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> Fixes: 69f287ae6fc83 ("Smack: secmark support for netfilter")
>
> diff --git a/security/smack/Makefile b/security/smack/Makefile
> index 616cf93b368e..d4a376c84050 100644
> --- a/security/smack/Makefile
> +++ b/security/smack/Makefile
> @@ -5,4 +5,4 @@
>  obj-$(CONFIG_SECURITY_SMACK) := smack.o
>  
>  smack-y := smack_lsm.o smack_access.o smackfs.o
> -smack-$(CONFIG_NETFILTER) += smack_netfilter.o
> +smack-$(SECURITY_SMACK_NETFILTER) += smack_netfilter.o
>
>


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] Smack: fix netfilter Makefile entry
  2015-01-28 16:27 ` Casey Schaufler
@ 2015-01-28 16:29   ` Arnd Bergmann
  0 siblings, 0 replies; 6+ messages in thread
From: Arnd Bergmann @ 2015-01-28 16:29 UTC (permalink / raw)
  To: Casey Schaufler; +Cc: linux-security-module, linux-kernel, linux-arm-kernel

On Wednesday 28 January 2015 08:27:20 Casey Schaufler wrote:
> On 1/28/2015 8:12 AM, Arnd Bergmann wrote:
> > The newly added Smack support for netfilter secmark has its own
> > Kconfig symbol, but the actual implementation is conditionally
> > built on another symbol.
> 
> A patch for this problem, 82b0b2c2b1e64ad6c5309a9eeba806af9812666b
> is already available in:
> 
> 	git://git.gitorious.org/smack-next/kernel.git smack-for-3.20-rebased
> 
> A pull request has sent to James Morris for inclusion in the security tree.

Ok, thanks!

	Arnd

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] Smack: fix netfilter Makefile entry
  2015-01-28 16:12 [PATCH] Smack: fix netfilter Makefile entry Arnd Bergmann
  2015-01-28 16:27 ` Casey Schaufler
@ 2015-01-28 18:18 ` Sergei Shtylyov
  2015-01-28 19:23   ` Arnd Bergmann
  2015-01-29  0:36 ` Paul Bolle
  2 siblings, 1 reply; 6+ messages in thread
From: Sergei Shtylyov @ 2015-01-28 18:18 UTC (permalink / raw)
  To: Arnd Bergmann, Casey Schaufler
  Cc: linux-security-module, linux-kernel, linux-arm-kernel

Hello.

On 01/28/2015 07:12 PM, Arnd Bergmann wrote:

> The newly added Smack support for netfilter secmark has its own
> Kconfig symbol, but the actual implementation is conditionally
> built on another symbol.

> It is possible for CONFIG_NETFILTER and SECURITY_SMACK to both
> be enabled, but NETWORK_SECMARK to be disabled, in which case
> we get a build error:

> ../security/smack/smack_netfilter.c: In function 'smack_ipv6_output':
> ../security/smack/smack_netfilter.c:36:6: error: 'struct sk_buff' has no member named 'secmark'
>     skb->secmark = skp->smk_secid;
>        ^
> ../security/smack/smack_netfilter.c: In function 'smack_ipv4_output':
> ../security/smack/smack_netfilter.c:55:6: error: 'struct sk_buff' has no member named 'secmark'
>     skb->secmark = skp->smk_secid;
>        ^
>
> This changes the Makefile to use the correct Kconfig symbol.

> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> Fixes: 69f287ae6fc83 ("Smack: secmark support for netfilter")

> diff --git a/security/smack/Makefile b/security/smack/Makefile
> index 616cf93b368e..d4a376c84050 100644
> --- a/security/smack/Makefile
> +++ b/security/smack/Makefile
> @@ -5,4 +5,4 @@
>   obj-$(CONFIG_SECURITY_SMACK) := smack.o
>
>   smack-y := smack_lsm.o smack_access.o smackfs.o
> -smack-$(CONFIG_NETFILTER) += smack_netfilter.o
> +smack-$(SECURITY_SMACK_NETFILTER) += smack_netfilter.o

    CONFIG_ missing?

WBR, Sergei


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] Smack: fix netfilter Makefile entry
  2015-01-28 18:18 ` Sergei Shtylyov
@ 2015-01-28 19:23   ` Arnd Bergmann
  0 siblings, 0 replies; 6+ messages in thread
From: Arnd Bergmann @ 2015-01-28 19:23 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Sergei Shtylyov, Casey Schaufler, linux-security-module, linux-kernel

On Wednesday 28 January 2015 21:18:11 Sergei Shtylyov wrote:
> > diff --git a/security/smack/Makefile b/security/smack/Makefile
> > index 616cf93b368e..d4a376c84050 100644
> > --- a/security/smack/Makefile
> > +++ b/security/smack/Makefile
> > @@ -5,4 +5,4 @@
> >   obj-$(CONFIG_SECURITY_SMACK) := smack.o
> >
> >   smack-y := smack_lsm.o smack_access.o smackfs.o
> > -smack-$(CONFIG_NETFILTER) += smack_netfilter.o
> > +smack-$(SECURITY_SMACK_NETFILTER) += smack_netfilter.o
> 
>     CONFIG_ missing?

Yes, you are right. Anyway, as another fix is already queued,
it doesn't matter any more.

	Arnd

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] Smack: fix netfilter Makefile entry
  2015-01-28 16:12 [PATCH] Smack: fix netfilter Makefile entry Arnd Bergmann
  2015-01-28 16:27 ` Casey Schaufler
  2015-01-28 18:18 ` Sergei Shtylyov
@ 2015-01-29  0:36 ` Paul Bolle
  2 siblings, 0 replies; 6+ messages in thread
From: Paul Bolle @ 2015-01-29  0:36 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: Casey Schaufler, linux-security-module, linux-kernel, linux-arm-kernel

On Wed, 2015-01-28 at 17:12 +0100, Arnd Bergmann wrote:
> The newly added Smack support for netfilter secmark has its own
> Kconfig symbol, but the actual implementation is conditionally
> built on another symbol.
> 
> It is possible for CONFIG_NETFILTER and SECURITY_SMACK to both
> be enabled, but NETWORK_SECMARK to be disabled, in which case
> we get a build error:
> 
> ../security/smack/smack_netfilter.c: In function 'smack_ipv6_output':
> ../security/smack/smack_netfilter.c:36:6: error: 'struct sk_buff' has no member named 'secmark'
>    skb->secmark = skp->smk_secid;
>       ^
> ../security/smack/smack_netfilter.c: In function 'smack_ipv4_output':
> ../security/smack/smack_netfilter.c:55:6: error: 'struct sk_buff' has no member named 'secmark'
>    skb->secmark = skp->smk_secid;
>       ^
> 
> This changes the Makefile to use the correct Kconfig symbol.
> 
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
> Fixes: 69f287ae6fc83 ("Smack: secmark support for netfilter")
> 
> diff --git a/security/smack/Makefile b/security/smack/Makefile
> index 616cf93b368e..d4a376c84050 100644
> --- a/security/smack/Makefile
> +++ b/security/smack/Makefile
> @@ -5,4 +5,4 @@
>  obj-$(CONFIG_SECURITY_SMACK) := smack.o
>  
>  smack-y := smack_lsm.o smack_access.o smackfs.o
> -smack-$(CONFIG_NETFILTER) += smack_netfilter.o
> +smack-$(SECURITY_SMACK_NETFILTER) += smack_netfilter.o

You probably wanted to use:
    CONFIG_SECURITY_SMACK_NETFILTER


Paul Bolle


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2015-01-29  1:15 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-01-28 16:12 [PATCH] Smack: fix netfilter Makefile entry Arnd Bergmann
2015-01-28 16:27 ` Casey Schaufler
2015-01-28 16:29   ` Arnd Bergmann
2015-01-28 18:18 ` Sergei Shtylyov
2015-01-28 19:23   ` Arnd Bergmann
2015-01-29  0:36 ` Paul Bolle

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).