aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2008-07-26 23:17:56 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2008-07-26 23:17:56 -0400
commit228428428138e231a155464239880201e5cc8b44 (patch)
tree89b437f5501d03ca36b717e232337426d0de77ca /security/selinux
parent78681ac08a611313595d13cafabae1183b71ef48 (diff)
parent6c3b8fc618905d7599dcc514c99ce4293d476f39 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: netns: fix ip_rt_frag_needed rt_is_expired netfilter: nf_conntrack_extend: avoid unnecessary "ct->ext" dereferences netfilter: fix double-free and use-after free netfilter: arptables in netns for real netfilter: ip{,6}tables_security: fix future section mismatch selinux: use nf_register_hooks() netfilter: ebtables: use nf_register_hooks() Revert "pkt_sched: sch_sfq: dump a real number of flows" qeth: use dev->ml_priv instead of dev->priv syncookies: Make sure ECN is disabled net: drop unused BUG_TRAP() net: convert BUG_TRAP to generic WARN_ON drivers/net: convert BUG_TRAP to generic WARN_ON
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/hooks.c27
1 files changed, 8 insertions, 19 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3481cde5bf1..da36dac6535 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5654,27 +5654,20 @@ static struct nf_hook_ops selinux_ipv6_ops[] = {
5654static int __init selinux_nf_ip_init(void) 5654static int __init selinux_nf_ip_init(void)
5655{ 5655{
5656 int err = 0; 5656 int err = 0;
5657 u32 iter;
5658 5657
5659 if (!selinux_enabled) 5658 if (!selinux_enabled)
5660 goto out; 5659 goto out;
5661 5660
5662 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); 5661 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
5663 5662
5664 for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) { 5663 err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5665 err = nf_register_hook(&selinux_ipv4_ops[iter]); 5664 if (err)
5666 if (err) 5665 panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);
5667 panic("SELinux: nf_register_hook for IPv4: error %d\n",
5668 err);
5669 }
5670 5666
5671#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 5667#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5672 for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) { 5668 err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5673 err = nf_register_hook(&selinux_ipv6_ops[iter]); 5669 if (err)
5674 if (err) 5670 panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
5675 panic("SELinux: nf_register_hook for IPv6: error %d\n",
5676 err);
5677 }
5678#endif /* IPV6 */ 5671#endif /* IPV6 */
5679 5672
5680out: 5673out:
@@ -5686,15 +5679,11 @@ __initcall(selinux_nf_ip_init);
5686#ifdef CONFIG_SECURITY_SELINUX_DISABLE 5679#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5687static void selinux_nf_ip_exit(void) 5680static void selinux_nf_ip_exit(void)
5688{ 5681{
5689 u32 iter;
5690
5691 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); 5682 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
5692 5683
5693 for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) 5684 nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5694 nf_unregister_hook(&selinux_ipv4_ops[iter]);
5695#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 5685#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5696 for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) 5686 nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5697 nf_unregister_hook(&selinux_ipv6_ops[iter]);
5698#endif /* IPV6 */ 5687#endif /* IPV6 */
5699} 5688}
5700#endif 5689#endif