extensions: SECMARK: Implement revision 1

The changed data structure for communication with kernel allows to exclude the field 'secid' which is populated on kernel side. Thus this fixes the formerly always failing extension comparison breaking rule check and rule delete by content. Signed-off-by: Phil Sutter <phil@nwl.cc>
author: Phil Sutter <phil@nwl.cc> 2021-04-29 15:28:59 +0200
committer: Phil Sutter <phil@nwl.cc> 2021-05-04 00:09:45 +0200
commit: 616800af0da86d151cb695f1376d5ec6ede6fa72 (patch)
tree: 1c5db781b8d7e723422c6e9be8c558cef5adb03c /extensions/libxt_SECMARK.t
parent: 1e984079817a3c804eae25dea937d63d18c57a6c (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/extensions/libxt_SECMARK.t b/extensions/libxt_SECMARK.t
new file mode 100644
index 00000000..39d4c093
--- /dev/null
+++ b/extensions/libxt_SECMARK.t
@@ -0,0 +1,4 @@
+:INPUT,FORWARD,OUTPUT
+*security
+-j SECMARK --selctx system_u:object_r:firewalld_exec_t:s0;=;OK
+-j SECMARK;;FAIL
author	Phil Sutter <phil@nwl.cc>	2021-04-29 15:28:59 +0200
committer	Phil Sutter <phil@nwl.cc>	2021-05-04 00:09:45 +0200
commit	616800af0da86d151cb695f1376d5ec6ede6fa72 (patch)
tree	1c5db781b8d7e723422c6e9be8c558cef5adb03c /extensions/libxt_SECMARK.t
parent	1e984079817a3c804eae25dea937d63d18c57a6c (diff)