selinux: add support for RTM_NEWCHAIN, RTM_DELCHAIN, and RTM_GETCHAIN
authorPaul Moore <paul@paul-moore.com>
Wed, 28 Nov 2018 17:57:33 +0000 (12:57 -0500)
committerPaul Moore <paul@paul-moore.com>
Thu, 29 Nov 2018 16:32:02 +0000 (11:32 -0500)
commit598e1a42e9626213565d3b22ea948ce78556512a
treeac1e1196cb004ea8c1b0ecd5ac623dc58c1a2d02
parent877181a8d9dc663f7a73f77f50af714d7888ec3b
selinux: add support for RTM_NEWCHAIN, RTM_DELCHAIN, and RTM_GETCHAIN

Commit 32a4f5ecd738 ("net: sched: introduce chain object to uapi")
added new RTM_* definitions without properly updating SELinux, this
patch adds the necessary SELinux support.

While there was a BUILD_BUG_ON() in the SELinux code to protect from
exactly this case, it was bypassed in the broken commit.  In order to
hopefully prevent this from happening in the future, add additional
comments which provide some instructions on how to resolve the
BUILD_BUG_ON() failures.

Fixes: 32a4f5ecd738 ("net: sched: introduce chain object to uapi")
Cc: <stable@vger.kernel.org> # 4.19
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/nlmsgtab.c