From 342a0cff0ad5fba6b591cfa37db3c65c4d9913f8 Mon Sep 17 00:00:00 2001 From: Venkat Yekkirala Date: Fri, 26 Jan 2007 19:03:48 -0800 Subject: [PATCH 1/2] [SELINUX]: Fix 2.6.20-rc6 build when no xfrm This patch is an incremental fix to the flow_cache_genid patch for selinux that breaks the build of 2.6.20-rc6 when xfrm is not configured. Signed-off-by: Venkat Yekkirala Signed-off-by: David S. Miller --- security/selinux/include/xfrm.h | 9 +++++++++ security/selinux/ss/services.c | 6 +++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h index 161eb571c82d..31929e39f5ca 100644 --- a/security/selinux/include/xfrm.h +++ b/security/selinux/include/xfrm.h @@ -37,6 +37,11 @@ int selinux_xfrm_sock_rcv_skb(u32 sid, struct sk_buff *skb, int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb, struct avc_audit_data *ad, u8 proto); int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall); + +static inline void selinux_xfrm_notify_policyload(void) +{ + atomic_inc(&flow_cache_genid); +} #else static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb, struct avc_audit_data *ad) @@ -55,6 +60,10 @@ static inline int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int *sid = SECSID_NULL; return 0; } + +static inline void selinux_xfrm_notify_policyload(void) +{ +} #endif static inline void selinux_skb_xfrm_sid(struct sk_buff *skb, u32 *sid) diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index ff0393317f39..ca9154dc5d82 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -1299,7 +1299,7 @@ int security_load_policy(void *data, size_t len) avc_ss_reset(seqno); selnl_notify_policyload(seqno); selinux_netlbl_cache_invalidate(); - atomic_inc(&flow_cache_genid); + selinux_xfrm_notify_policyload(); return 0; } @@ -1355,7 +1355,7 @@ int security_load_policy(void *data, size_t len) avc_ss_reset(seqno); selnl_notify_policyload(seqno); selinux_netlbl_cache_invalidate(); - atomic_inc(&flow_cache_genid); + selinux_xfrm_notify_policyload(); return 0; @@ -1855,7 +1855,7 @@ int security_set_bools(int len, int *values) if (!rc) { avc_ss_reset(seqno); selnl_notify_policyload(seqno); - atomic_inc(&flow_cache_genid); + selinux_xfrm_notify_policyload(); } return rc; } From 095b8501e4168ae5a879fcb9420ac48cbd43f95a Mon Sep 17 00:00:00 2001 From: Robert Olsson Date: Fri, 26 Jan 2007 19:06:01 -0800 Subject: [PATCH 2/2] [IPV4]: Fix single-entry /proc/net/fib_trie output. When main table is just a single leaf this gets printed as belonging to the local table in /proc/net/fib_trie. A fix is below. Signed-off-by: Robert Olsson Acked-by: Eric W. Biederman Signed-off-by: David S. Miller --- net/ipv4/fib_trie.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c index 13307c04d5a1..1e589b91605e 100644 --- a/net/ipv4/fib_trie.c +++ b/net/ipv4/fib_trie.c @@ -2290,16 +2290,17 @@ static int fib_trie_seq_show(struct seq_file *seq, void *v) if (v == SEQ_START_TOKEN) return 0; + if (!NODE_PARENT(n)) { + if (iter->trie == trie_local) + seq_puts(seq, ":\n"); + else + seq_puts(seq, "
:\n"); + } + if (IS_TNODE(n)) { struct tnode *tn = (struct tnode *) n; __be32 prf = htonl(MASK_PFX(tn->key, tn->pos)); - if (!NODE_PARENT(n)) { - if (iter->trie == trie_local) - seq_puts(seq, ":\n"); - else - seq_puts(seq, "
:\n"); - } seq_indent(seq, iter->depth-1); seq_printf(seq, " +-- %d.%d.%d.%d/%d %d %d %d\n", NIPQUAD(prf), tn->pos, tn->bits, tn->full_children,