netfilter: nf_tables: rise cap on SELinux secmark context

[ Upstream commit e29630247be24c3987e2b048f8e152771b32d38b ] secmark context is artificially limited 256 bytes, rise it to 4Kbytes. Fixes: fb961945457f ("netfilter: nf_tables: add SECMARK support") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2024-06-03 20:16:59 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-08-03 08:49:07 +0200
commit: 91152073579c87059410d89d1b7bfee7ef7d2a15 (patch)
tree: 0d559a244d6b7cf68392bbbf7c2cbeef50a3e33f /include
parent: 62b8b67cee182edd37718d7352ff29e92c8c9091 (diff)
download: linux-91152073579c87059410d89d1b7bfee7ef7d2a15.tar.gz
linux-91152073579c87059410d89d1b7bfee7ef7d2a15.tar.bz2
linux-91152073579c87059410d89d1b7bfee7ef7d2a15.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 707af820f1a9..672b2e1b47f2 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -1324,7 +1324,7 @@ enum nft_secmark_attributes {
 #define NFTA_SECMARK_MAX	(__NFTA_SECMARK_MAX - 1)
 
 /* Max security context length */
-#define NFT_SECMARK_CTX_MAXLEN		256
+#define NFT_SECMARK_CTX_MAXLEN		4096
 
 /**
  * enum nft_reject_types - nf_tables reject expression reject types
author	Pablo Neira Ayuso <pablo@netfilter.org>	2024-06-03 20:16:59 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-08-03 08:49:07 +0200
commit	91152073579c87059410d89d1b7bfee7ef7d2a15 (patch)
tree	0d559a244d6b7cf68392bbbf7c2cbeef50a3e33f /include
parent	62b8b67cee182edd37718d7352ff29e92c8c9091 (diff)
download	linux-91152073579c87059410d89d1b7bfee7ef7d2a15.tar.gz linux-91152073579c87059410d89d1b7bfee7ef7d2a15.tar.bz2 linux-91152073579c87059410d89d1b7bfee7ef7d2a15.zip