netfilter: nf_tables: rise cap on SELinux secmark context

secmark context is artificially limited 256 bytes, rise it to 4Kbytes. Fixes: fb961945457f ("netfilter: nf_tables: add SECMARK support") Signed-off-by: Pablo Neira Ayuso <[email protected]>
author: Pablo Neira Ayuso <[email protected]> 2024-06-03 20:16:59 +0200
committer: Pablo Neira Ayuso <[email protected]> 2024-06-26 00:54:53 +0200
commit: e29630247be24c3987e2b048f8e152771b32d38b (patch)
tree: 83a702af31b13c8324c7d0d85eda6ce53156591c
parent: fe87a8deaad46c9a45381624f7e5f2f4fd145721 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index aa4094ca2444..639894ed1b97 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -1376,7 +1376,7 @@ enum nft_secmark_attributes {
 #define NFTA_SECMARK_MAX	(__NFTA_SECMARK_MAX - 1)
 
 /* Max security context length */
-#define NFT_SECMARK_CTX_MAXLEN		256
+#define NFT_SECMARK_CTX_MAXLEN		4096
 
 /**
  * enum nft_reject_types - nf_tables reject expression reject types
author	Pablo Neira Ayuso <[email protected]>	2024-06-03 20:16:59 +0200
committer	Pablo Neira Ayuso <[email protected]>	2024-06-26 00:54:53 +0200
commit	e29630247be24c3987e2b048f8e152771b32d38b (patch)
tree	83a702af31b13c8324c7d0d85eda6ce53156591c
parent	fe87a8deaad46c9a45381624f7e5f2f4fd145721 (diff)