From c7ec13b7cc3ca476634ff0cb0b123cc37612f65c Mon Sep 17 00:00:00 2001
From: Anders Roxell <anders.roxell@linaro.org>
Date: Thu, 18 Oct 2018 12:35:24 +0200
Subject: [PATCH] apparmor: fix build error if SECURITY_APPARMOR
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Currently if CONFIG_NETWORK_SECMARK isn't enabled there's a build error
because the 'struct sk_buff' have no member named secmark.

../security/apparmor/lsm.c: In function ‘apparmor_socket_sock_rcv_skb’:
../security/apparmor/lsm.c:1138:12: error: ‘struct sk_buff’ has no member named ‘secmark’; did you mean ‘mark’?
  if (!skb->secmark)
            ^~~~~~~
            mark
../security/apparmor/lsm.c:1142:16: error: ‘struct sk_buff’ has no member named ‘secmark’; did you mean ‘mark’?
           skb->secmark, sk);
                ^~~~~~~
                mark
../security/apparmor/lsm.c: In function ‘apparmor_inet_conn_request’:
../security/apparmor/lsm.c:1243:12: error: ‘struct sk_buff’ has no member named ‘secmark’; did you mean ‘mark’?
  if (!skb->secmark)
            ^~~~~~~
            mark
../security/apparmor/lsm.c:1247:16: error: ‘struct sk_buff’ has no member named ‘secmark’; did you mean ‘mark’?
           skb->secmark, sk);
                ^~~~~~~
                mark
../security/apparmor/lsm.c: In function ‘apparmor_ip_postroute’:
../security/apparmor/lsm.c:1676:12: error: ‘struct sk_buff’ has no member named ‘secmark’; did you mean ‘mark’?
  if (!skb->secmark)
            ^~~~~~~
            mark
../security/apparmor/lsm.c:1685:14: error: ‘struct sk_buff’ has no member named ‘secmark’; did you mean ‘mark’?
         skb->secmark, sk))
              ^~~~~~~
              mark
../security/apparmor/lsm.c: In function ‘apparmor_inet_conn_request’:
../security/apparmor/lsm.c:1248:1: warning: control reaches end of non-void function [-Wreturn-type]
 }
 ^
../security/apparmor/lsm.c: In function ‘apparmor_socket_sock_rcv_skb’:
../security/apparmor/lsm.c:1143:1: warning: control reaches end of non-void function [-Wreturn-type]
 }
 ^

Reworked so CONFIG_SECURITY_APPARMOR selects CONFIG_NETWORK_SECMARK.

Fixes: ab9f2115081a ("apparmor: Allow filtering based on secmark policy")
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
---
 security/apparmor/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
index b6b68a7750ce..6edcfb29f3f7 100644
--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -5,6 +5,7 @@ config SECURITY_APPARMOR
 	select SECURITY_PATH
 	select SECURITYFS
 	select SECURITY_NETWORK
+	select NETWORK_SECMARK
 	default n
 	help
 	  This enables the AppArmor security module.
-- 
2.19.1