Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (109 commits) [ETHTOOL]: Fix UFO typo [SCTP]: Fix persistent slowdown in sctp when a gap ack consumes rx buffer. [SCTP]: Send only 1 window update SACK per message. [SCTP]: Don't do CRC32C checksum over loopback. [SCTP] Reset rtt_in_progress for the chunk when processing its sack. [SCTP]: Reject sctp packets with broadcast addresses. [SCTP]: Limit association max_retrans setting in setsockopt. [PFKEYV2]: Fix inconsistent typing in struct sadb_x_kmprivate. [IPV6]: Sum real space for RTAs. [IRDA]: Use put_unaligned() in irlmp_do_discovery(). [BRIDGE]: Add support for NETIF_F_HW_CSUM devices [NET]: Add NETIF_F_GEN_CSUM and NETIF_F_ALL_CSUM [TG3]: Convert to non-LLTX [TG3]: Remove unnecessary tx_lock [TCP]: Add tcp_slow_start_after_idle sysctl. [BNX2]: Update version and reldate [BNX2]: Use CPU native page size [BNX2]: Use compressed firmware [BNX2]: Add firmware decompression [BNX2]: Allow WoL settings on new 5708 chips ... Manual fixup for conflict in drivers/net/tulip/winbond-840.c
author: Linus Torvalds <torvalds@g5.osdl.org> 2006-06-19 21:55:56 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-06-19 21:55:56 -0400
commit: d0b952a9837f81cd89e756b1b34293fa6e1cb59d (patch)
tree: fbe488bc5f407afa0e91cefb262d9e9ee69062ac /security/selinux/Kconfig
parent: d90125bfe958ed0451c6b98f831c86aba08b43d5 (diff)
parent: 47552c4e555eefe381f3d45140b59a2ea4b16486 (diff)
1 files changed, 29 insertions, 0 deletions
diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
index f636f53ca544..814ddc42f1f4 100644
--- a/security/selinux/Kconfig
+++ b/security/selinux/Kconfig
@@ -1,6 +1,7 @@
 config SECURITY_SELINUX
        bool "NSA SELinux Support"
        depends on SECURITY_NETWORK && AUDIT && NET && INET
+        select NETWORK_SECMARK
        default n
        help
          This selects NSA Security-Enhanced Linux (SELinux).
@@ -95,3 +96,31 @@ config SECURITY_SELINUX_CHECKREQPROT_VALUE
          via /selinux/checkreqprot if authorized by policy.
          If you are unsure how to answer this question, answer 1.
+config SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT
+        bool "NSA SELinux enable new secmark network controls by default"
+        depends on SECURITY_SELINUX
+        default n
+        help
+          This option determines whether the new secmark-based network
+          controls will be enabled by default.  If not, the old internal
+          per-packet controls will be enabled by default, preserving
+          old behavior.
+          If you enable the new controls, you will need updated
+          SELinux userspace libraries, tools and policy.  Typically,
+          your distribution will provide these and enable the new controls
+          in the kernel they also distribute.
+          Note that this option can be overriden at boot with the
+          selinux_compat_net parameter, and after boot via
+          /selinux/compat_net.  See Documentation/kernel-parameters.txt
+          for details on this parameter.
+          If you enable the new network controls, you will likely
+          also require the SECMARK and CONNSECMARK targets, as
+          well as any conntrack helpers for protocols which you
+          wish to control.
+          If you are unsure what do do here, select N.
author	Linus Torvalds <torvalds@g5.osdl.org>	2006-06-19 21:55:56 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-06-19 21:55:56 -0400
commit	d0b952a9837f81cd89e756b1b34293fa6e1cb59d (patch)
tree	fbe488bc5f407afa0e91cefb262d9e9ee69062ac /security/selinux/Kconfig
parent	d90125bfe958ed0451c6b98f831c86aba08b43d5 (diff)
parent	47552c4e555eefe381f3d45140b59a2ea4b16486 (diff)

diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig index f636f53ca544..814ddc42f1f4 100644 --- a/security/selinux/Kconfig +++ b/security/selinux/Kconfig
@@ -1,6 +1,7 @@
1	config SECURITY_SELINUX	1	config SECURITY_SELINUX
2	bool "NSA SELinux Support"	2	bool "NSA SELinux Support"
3	depends on SECURITY_NETWORK && AUDIT && NET && INET	3	depends on SECURITY_NETWORK && AUDIT && NET && INET
		4	select NETWORK_SECMARK
4	default n	5	default n
5	help	6	help
6	This selects NSA Security-Enhanced Linux (SELinux).	7	This selects NSA Security-Enhanced Linux (SELinux).
@@ -95,3 +96,31 @@ config SECURITY_SELINUX_CHECKREQPROT_VALUE
95	via /selinux/checkreqprot if authorized by policy.	96	via /selinux/checkreqprot if authorized by policy.
96		97
97	If you are unsure how to answer this question, answer 1.	98	If you are unsure how to answer this question, answer 1.
		99
		100	config SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT
		101	bool "NSA SELinux enable new secmark network controls by default"
		102	depends on SECURITY_SELINUX
		103	default n
		104	help
		105	This option determines whether the new secmark-based network
		106	controls will be enabled by default. If not, the old internal
		107	per-packet controls will be enabled by default, preserving
		108	old behavior.
		109
		110	If you enable the new controls, you will need updated
		111	SELinux userspace libraries, tools and policy. Typically,
		112	your distribution will provide these and enable the new controls
		113	in the kernel they also distribute.
		114
		115	Note that this option can be overriden at boot with the
		116	selinux_compat_net parameter, and after boot via
		117	/selinux/compat_net. See Documentation/kernel-parameters.txt
		118	for details on this parameter.
		119
		120	If you enable the new network controls, you will likely
		121	also require the SECMARK and CONNSECMARK targets, as
		122	well as any conntrack helpers for protocols which you
		123	wish to control.
		124
		125	If you are unsure what do do here, select N.
		126