Commit e2963024 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: nf_tables: rise cap on SELinux secmark context 



secmark context is artificially limited 256 bytes, rise it to 4Kbytes.

Fixes: fb961945 ("netfilter: nf_tables: add SECMARK support")
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent fe87a8de

include/uapi/linux/netfilter/nf_tables.h

+1 −1
Original line number Diff line number Diff line
@@ -1376,7 +1376,7 @@ enum nft_secmark_attributes { 
#define NFTA_SECMARK_MAX	(__NFTA_SECMARK_MAX - 1)



/* Max security context length */

#define NFT_SECMARK_CTX_MAXLEN		256

#define NFT_SECMARK_CTX_MAXLEN		4096



/**

 * enum nft_reject_types - nf_tables reject expression reject types