On Jun 21, 2025 Casey Schaufler <[email protected]> wrote: > > The network secmark can only be used by one security module > at a time. Establish mechanism to identify to security modules > whether they have access to the secmark. SELinux already > incorparates mechanism, but it has to be added to Smack and > AppArmor. > > Signed-off-by: Casey Schaufler <[email protected]> > --- > include/linux/lsm_hooks.h | 1 + > security/apparmor/include/net.h | 5 +++++ > security/apparmor/lsm.c | 7 ++++--- > security/lsm_init.c | 6 ++++++ > security/selinux/hooks.c | 4 +++- > security/smack/smack.h | 5 +++++ > security/smack/smack_lsm.c | 3 ++- > security/smack/smack_netfilter.c | 10 ++++++++-- > 8 files changed, 34 insertions(+), 7 deletions(-)
We discussed this patch in a separate patchset, lore link below. https://lore.kernel.org/linux-security-module/[email protected]/ -- paul-moore.com
