netfilter: nf_tables: rise cap on SELinux secmark context

[ Upstream commit e29630247be24c3987e2b048f8e152771b32d38b ] secmark context is artificially limited 256 bytes, rise it to 4Kbytes. Fixes: fb961945457f ("netfilter: nf_tables: add SECMARK support") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2024-06-03 21:16:59 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-08-03 09:59:40 +0300
commit: 28353278ee8c4a9e152a936eec2b8d48eecf7220 (patch)
tree: 9e2f29b893d77dfb02a06ea80d9916e39c4f0068 /include/uapi/linux
parent: bb65059d251a3702f17009cd3816da2fff958657 (diff)
download: linux-28353278ee8c4a9e152a936eec2b8d48eecf7220.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index aa4094ca2444..639894ed1b97 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -1376,7 +1376,7 @@ enum nft_secmark_attributes {
 #define NFTA_SECMARK_MAX	(__NFTA_SECMARK_MAX - 1)
 
 /* Max security context length */
-#define NFT_SECMARK_CTX_MAXLEN		256
+#define NFT_SECMARK_CTX_MAXLEN		4096
 
 /**
  * enum nft_reject_types - nf_tables reject expression reject types
author	Pablo Neira Ayuso <pablo@netfilter.org>	2024-06-03 21:16:59 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-08-03 09:59:40 +0300
commit	28353278ee8c4a9e152a936eec2b8d48eecf7220 (patch)
tree	9e2f29b893d77dfb02a06ea80d9916e39c4f0068 /include/uapi/linux
parent	bb65059d251a3702f17009cd3816da2fff958657 (diff)
download	linux-28353278ee8c4a9e152a936eec2b8d48eecf7220.tar.xz