diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-05-08 13:45:28 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-05-08 14:25:42 -0400 |
| commit | d16cf20e2f2f13411eece7f7fb72c17d141c4a84 (patch) | |
| tree | 8154b3db8cdbb4b8d9f35d4c407cfe961253f0b4 /security/selinux | |
| parent | 6714cf5465d2803a21c6a46c1ea747795a8889fa (diff) | |
netfilter: remove ip_queue support
This patch removes ip_queue support which was marked as obsolete
years ago. The nfnetlink_queue modules provides more advanced
user-space packet queueing mechanism.
This patch also removes capability code included in SELinux that
refers to ip_queue. Otherwise, we break compilation.
Several warning has been sent regarding this to the mailing list
in the past month without anyone rising the hand to stop this
with some strong argument.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/nlmsgtab.c | 13 |
1 files changed, 0 insertions, 13 deletions
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index 0920ea3bf59..d309e7f472d 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c | |||
| @@ -14,7 +14,6 @@ | |||
| 14 | #include <linux/netlink.h> | 14 | #include <linux/netlink.h> |
| 15 | #include <linux/rtnetlink.h> | 15 | #include <linux/rtnetlink.h> |
| 16 | #include <linux/if.h> | 16 | #include <linux/if.h> |
| 17 | #include <linux/netfilter_ipv4/ip_queue.h> | ||
| 18 | #include <linux/inet_diag.h> | 17 | #include <linux/inet_diag.h> |
| 19 | #include <linux/xfrm.h> | 18 | #include <linux/xfrm.h> |
| 20 | #include <linux/audit.h> | 19 | #include <linux/audit.h> |
| @@ -70,12 +69,6 @@ static struct nlmsg_perm nlmsg_route_perms[] = | |||
| 70 | { RTM_SETDCB, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, | 69 | { RTM_SETDCB, NETLINK_ROUTE_SOCKET__NLMSG_WRITE }, |
| 71 | }; | 70 | }; |
| 72 | 71 | ||
| 73 | static struct nlmsg_perm nlmsg_firewall_perms[] = | ||
| 74 | { | ||
| 75 | { IPQM_MODE, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE }, | ||
| 76 | { IPQM_VERDICT, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE }, | ||
| 77 | }; | ||
| 78 | |||
| 79 | static struct nlmsg_perm nlmsg_tcpdiag_perms[] = | 72 | static struct nlmsg_perm nlmsg_tcpdiag_perms[] = |
| 80 | { | 73 | { |
| 81 | { TCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, | 74 | { TCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ }, |
| @@ -145,12 +138,6 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm) | |||
| 145 | sizeof(nlmsg_route_perms)); | 138 | sizeof(nlmsg_route_perms)); |
| 146 | break; | 139 | break; |
| 147 | 140 | ||
| 148 | case SECCLASS_NETLINK_FIREWALL_SOCKET: | ||
| 149 | case SECCLASS_NETLINK_IP6FW_SOCKET: | ||
| 150 | err = nlmsg_perm(nlmsg_type, perm, nlmsg_firewall_perms, | ||
| 151 | sizeof(nlmsg_firewall_perms)); | ||
| 152 | break; | ||
| 153 | |||
| 154 | case SECCLASS_NETLINK_TCPDIAG_SOCKET: | 141 | case SECCLASS_NETLINK_TCPDIAG_SOCKET: |
| 155 | err = nlmsg_perm(nlmsg_type, perm, nlmsg_tcpdiag_perms, | 142 | err = nlmsg_perm(nlmsg_type, perm, nlmsg_tcpdiag_perms, |
| 156 | sizeof(nlmsg_tcpdiag_perms)); | 143 | sizeof(nlmsg_tcpdiag_perms)); |