diff mbox

[net-next,39/43] selinux: adapt it to pernet hooks

Message ID 1434554932-4552-39-git-send-email-ebiederm@xmission.com
State Awaiting Upstream, archived
Delegated to: David Miller
Headers show

Commit Message

Eric W. Biederman June 17, 2015, 3:28 p.m. UTC 
From: Pablo Neira Ayuso <pablo@netfilter.org>

Since pernet hooks, we need to register the hook for each netnamespace space.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Eric W Biederman <ebiederm@xmission.com>
---
 security/selinux/hooks.c | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff mbox

Patch

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 21a5e07b6834..f8db1d2ce9c2 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6147,6 +6147,22 @@  static struct nf_hook_ops selinux_nf_ops[] = {
 #endif	/* IPV6 */
 };
 
+static int selinux_net_init(struct net *net)
+{
+	return nf_register_hooks(net, selinux_nf_ops,
+				 ARRAY_SIZE(selinux_nf_ops));
+}
+
+static void selinux_net_exit(struct net *net)
+{
+	nf_unregister_hooks(net, selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
+}
+
+static struct pernet_operations selinux_net_ops = {
+	.init = selinux_net_init,
+	.exit = selinux_net_exit,
+};
+
 static int __init selinux_nf_ip_init(void)
 {
 	int err;
@@ -6156,8 +6172,7 @@  static int __init selinux_nf_ip_init(void)
 
 	printk(KERN_DEBUG "SELinux:  Registering netfilter hooks\n");
 
-	err = nf_register_hooks(&init_net, selinux_nf_ops,
-				ARRAY_SIZE(selinux_nf_ops));
+	err = register_pernet_subsys(&selinux_net_ops);
 	if (err)
 		panic("SELinux: nf_register_hooks: error %d\n", err);
 
@@ -6171,7 +6186,7 @@  static void selinux_nf_ip_exit(void)
 {
 	printk(KERN_DEBUG "SELinux:  Unregistering netfilter hooks\n");
 
-	nf_unregister_hooks(&init_net, selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
+	unregister_pernet_subsys(&selinux_net_ops);
 }
 #endif