From: Pablo Neira Ayuso
Date: Mon, 3 Jun 2024 18:16:59 +0000 (+0200)
Subject: netfilter: nf_tables: rise cap on SELinux secmark context
X-Git-Tag: v6.11-rc1~163^2~115^2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e29630247be24c3987e2b048f8e152771b32d38b;p=thirdparty%2Flinux.git

netfilter: nf_tables: rise cap on SELinux secmark context

secmark context is artificially limited 256 bytes, rise it to 4Kbytes.

Fixes: fb961945457f ("netfilter: nf_tables: add SECMARK support")
Signed-off-by: Pablo Neira Ayuso
---

diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index aa4094ca2444f..639894ed1b973 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -1376,7 +1376,7 @@ enum nft_secmark_attributes {
 #define NFTA_SECMARK_MAX (__NFTA_SECMARK_MAX - 1)
 
 /* Max security context length */
-#define NFT_SECMARK_CTX_MAXLEN 256
+#define NFT_SECMARK_CTX_MAXLEN 4096
 
 /**
  * enum nft_reject_types - nf_tables reject expression reject types
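Review bot: Raising `NFT_SECMARK_CTX_MAXLEN` from 256 to 4096 changes a constant in a UAPI header, so every consumer sized by it, in the kernel and in userspace built against the older header, needs checking; none of them is visible in this hunk, so this is a point to verify, not a confirmed defect. A userspace tool that declared a fixed buffer with the old value would presumably have to bound its copy when the kernel returns a context longer than 256 bytes, and any kernel-side object that embeds an array of this size would grow sixteenfold per secmark object. The comment above the define says neither the unit nor whether the terminating NUL counts toward the limit. Once that is confirmed against the netlink attribute policy that uses the macro, I would extend it to something like `/* Max security context length in bytes, excluding the terminating NUL */`.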