References: <69f0dab6.44d59.7949e6e5@gitrepo.freebsd.org>
index | | previous in thread | raw e-mail
On Tue, 28 Apr 2026, Kristof Provost wrote: > The branch stable/15 has been updated by kp: > > URL: https://cgit.FreeBSD.org/src/commit/?id=47c12f20bf58b69e7ab1707e6e705907ad0d277e > > commit 47c12f20bf58b69e7ab1707e6e705907ad0d277e > Author: Kristof Provost <kp@FreeBSD.org> > AuthorDate: 2026-04-20 06:36:17 +0000 > Commit: Kristof Provost <kp@FreeBSD.org> > CommitDate: 2026-04-28 15:33:57 +0000 > > pf: only allow a subset of netlink calls when securelevel is set This seems to have broken LINT-NOVIMAGE on stable/15. sys/netlink/netlink_generic.c:154:6: error: call to undeclared function 'securelevel_ge'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] > Extend the genl_cmd struct to allow calls to also carry a securelevel. > If that's set compare the current securelevel to only allow the call if > the level is lower than that. > > If no value is specified continue to allow calls in any securelevel, > as before. > > This allows us to easily implement the same securelevel restrictions for > pf as we have for the corresponding ioctls. > > Reviewed by: glebius > MFC after: 1 week > Sponsored by: Rubicon Communications, LLC ("Netgate") > Differential Revision: https://reviews.freebsd.org/D56390 > > (cherry picked from commit 9933bdcb12641839b7396ccd0c6b8a2d55d12744) -- Bjoern A. Zeeb r15:7home | help