From patchwork Fri Apr 21 09:49:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Westphal X-Patchwork-Id: 9692297 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 526E960383 for ; Fri, 21 Apr 2017 09:49:09 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4AAC5223A6 for ; Fri, 21 Apr 2017 09:49:09 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3F7C328607; Fri, 21 Apr 2017 09:49:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E3CB6223A6 for ; Fri, 21 Apr 2017 09:49:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1037471AbdDUJtI (ORCPT ); Fri, 21 Apr 2017 05:49:08 -0400 Received: from Chamillionaire.breakpoint.cc ([146.0.238.67]:52512 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1037461AbdDUJtI (ORCPT ); Fri, 21 Apr 2017 05:49:08 -0400 Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.84_2) (envelope-from ) id 1d1VAL-0007m6-6L; Fri, 21 Apr 2017 11:47:49 +0200 From: Florian Westphal To: linux-security-module@vger.kernel.org Cc: pablo@netfilter.org, sds@tycho.nsa.gov, paul@paul-moore.com, casey@schaufler-ca.com, Florian Westphal Subject: [PATCH security-next 2/2] selinux: use pernet operations for hook registration Date: Fri, 21 Apr 2017 11:49:09 +0200 Message-Id: <20170421094909.28961-3-fw@strlen.de> X-Mailer: git-send-email 2.10.2 In-Reply-To: <20170421094909.28961-1-fw@strlen.de> References: <20170421094909.28961-1-fw@strlen.de> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP It will allow us to remove the old netfilter hook api in the near future. Signed-off-by: Florian Westphal --- security/selinux/hooks.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index e67a526d1f30..3aa4268525e2 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6448,6 +6448,23 @@ static struct nf_hook_ops selinux_nf_ops[] = { #endif /* IPV6 */ }; +static int __net_init selinux_nf_register(struct net *net) +{ + return nf_register_net_hooks(net, selinux_nf_ops, + ARRAY_SIZE(selinux_nf_ops)); +} + +static void __net_exit selinux_nf_unregister(struct net *net) +{ + nf_unregister_net_hooks(net, selinux_nf_ops, + ARRAY_SIZE(selinux_nf_ops)); +} + +static struct pernet_operations selinux_net_ops = { + .init = selinux_nf_register, + .exit = selinux_nf_unregister, +}; + static int __init selinux_nf_ip_init(void) { int err; @@ -6457,13 +6474,12 @@ static int __init selinux_nf_ip_init(void) printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); - err = nf_register_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops)); + err = register_pernet_subsys(&selinux_net_ops); if (err) - panic("SELinux: nf_register_hooks: error %d\n", err); + panic("SELinux: register_pernet_subsys: error %d\n", err); return 0; } - __initcall(selinux_nf_ip_init); #ifdef CONFIG_SECURITY_SELINUX_DISABLE @@ -6471,7 +6487,7 @@ static void selinux_nf_ip_exit(void) { printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); - nf_unregister_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops)); + unregister_pernet_subsys(&selinux_net_ops); } #endif