• Arnd Bergmann's avatar
    apparmor: add #ifdef checks for secmark filtering · e1af4779
    Arnd Bergmann authored
    The newly added code fails to build when either SECMARK or
    NETFILTER are disabled:
    
    security/apparmor/lsm.c: In function 'apparmor_socket_sock_rcv_skb':
    security/apparmor/lsm.c:1138:12: error: 'struct sk_buff' has no member named 'secmark'; did you mean 'mark'?
    
    security/apparmor/lsm.c:1671:21: error: 'struct nf_hook_state' declared inside parameter list will not be visible outside of this definition or declaration [-Werror]
    
    Add a set of #ifdef checks around it to only enable the code that
    we can compile and that makes sense in that configuration.
    
    Fixes: ab9f2115 ("apparmor: Allow filtering based on secmark policy")
    Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
    Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
    e1af4779
lsm.c 44.2 KB