Merge ../linux-2.6

1 files changed, 8 insertions, 11 deletions

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b61b9554bc27..90b4cdc0c948 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -101,6 +101,8 @@ static int __init selinux_enabled_setup(char *str)
         return 1;
 }
 __setup("selinux=", selinux_enabled_setup);
+#else
+int selinux_enabled = 1;
 #endif
 
 /* Original (dummy) security module. */
@@ -3229,7 +3231,7 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
                 goto out;
 
         /* Handle mapped IPv4 packets arriving via IPv6 sockets */
-        if (family == PF_INET6 && skb->protocol == ntohs(ETH_P_IP))
+        if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
                 family = PF_INET;
 
         read_lock_bh(&sk->sk_callback_lock);
@@ -4052,13 +4054,6 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
         return ipc_has_perm(ipcp, av);
 }
 
-static int selinux_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
-{
-        struct ipc_security_struct *isec = ipcp->security;
-
-        return selinux_getsecurity(isec->sid, buffer, size);
-}
-
 /* module stacking operations */
 static int selinux_register_security (const char *name, struct security_operations *ops)
 {
@@ -4321,7 +4316,6 @@ static struct security_operations selinux_ops = {
         .task_to_inode =                selinux_task_to_inode,
 
         .ipc_permission =               selinux_ipc_permission,
-        .ipc_getsecurity =              selinux_ipc_getsecurity,
 
         .msg_msg_alloc_security =       selinux_msg_msg_alloc_security,
         .msg_msg_free_security =        selinux_msg_msg_free_security,
@@ -4428,6 +4422,7 @@ void selinux_complete_init(void)
 
         /* Set up any superblocks initialized prior to the policy load. */
         printk(KERN_INFO "SELinux:  Setting up existing superblocks.\n");
+        spin_lock(&sb_lock);
         spin_lock(&sb_security_lock);
 next_sb:
         if (!list_empty(&superblock_security_head)) {
@@ -4436,19 +4431,20 @@ next_sb:
                                            struct superblock_security_struct,
                                            list);
                 struct super_block *sb = sbsec->sb;
-                spin_lock(&sb_lock);
                 sb->s_count++;
-                spin_unlock(&sb_lock);
                 spin_unlock(&sb_security_lock);
+                spin_unlock(&sb_lock);
                 down_read(&sb->s_umount);
                 if (sb->s_root)
                         superblock_doinit(sb, NULL);
                 drop_super(sb);
+                spin_lock(&sb_lock);
                 spin_lock(&sb_security_lock);
                 list_del_init(&sbsec->list);
                 goto next_sb;
         }
         spin_unlock(&sb_security_lock);
+        spin_unlock(&sb_lock);
 }
 
 /* SELinux requires early initialization in order to label
@@ -4543,6 +4539,7 @@ int selinux_disable(void)
         printk(KERN_INFO "SELinux:  Disabled at runtime.\n");
 
         selinux_disabled = 1;
+        selinux_enabled = 0;
 
         /* Reset security_ops to the secondary module, dummy or capability. */
         security_ops = secondary_ops;