diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-26 23:17:56 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-26 23:17:56 -0400 |
commit | 228428428138e231a155464239880201e5cc8b44 (patch) | |
tree | 89b437f5501d03ca36b717e232337426d0de77ca /security/selinux/hooks.c | |
parent | 78681ac08a611313595d13cafabae1183b71ef48 (diff) | |
parent | 6c3b8fc618905d7599dcc514c99ce4293d476f39 (diff) |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
netns: fix ip_rt_frag_needed rt_is_expired
netfilter: nf_conntrack_extend: avoid unnecessary "ct->ext" dereferences
netfilter: fix double-free and use-after free
netfilter: arptables in netns for real
netfilter: ip{,6}tables_security: fix future section mismatch
selinux: use nf_register_hooks()
netfilter: ebtables: use nf_register_hooks()
Revert "pkt_sched: sch_sfq: dump a real number of flows"
qeth: use dev->ml_priv instead of dev->priv
syncookies: Make sure ECN is disabled
net: drop unused BUG_TRAP()
net: convert BUG_TRAP to generic WARN_ON
drivers/net: convert BUG_TRAP to generic WARN_ON
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 27 |
1 files changed, 8 insertions, 19 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3481cde5bf15..da36dac6535f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -5654,27 +5654,20 @@ static struct nf_hook_ops selinux_ipv6_ops[] = { | |||
5654 | static int __init selinux_nf_ip_init(void) | 5654 | static int __init selinux_nf_ip_init(void) |
5655 | { | 5655 | { |
5656 | int err = 0; | 5656 | int err = 0; |
5657 | u32 iter; | ||
5658 | 5657 | ||
5659 | if (!selinux_enabled) | 5658 | if (!selinux_enabled) |
5660 | goto out; | 5659 | goto out; |
5661 | 5660 | ||
5662 | printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); | 5661 | printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); |
5663 | 5662 | ||
5664 | for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) { | 5663 | err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); |
5665 | err = nf_register_hook(&selinux_ipv4_ops[iter]); | 5664 | if (err) |
5666 | if (err) | 5665 | panic("SELinux: nf_register_hooks for IPv4: error %d\n", err); |
5667 | panic("SELinux: nf_register_hook for IPv4: error %d\n", | ||
5668 | err); | ||
5669 | } | ||
5670 | 5666 | ||
5671 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 5667 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
5672 | for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) { | 5668 | err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops)); |
5673 | err = nf_register_hook(&selinux_ipv6_ops[iter]); | 5669 | if (err) |
5674 | if (err) | 5670 | panic("SELinux: nf_register_hooks for IPv6: error %d\n", err); |
5675 | panic("SELinux: nf_register_hook for IPv6: error %d\n", | ||
5676 | err); | ||
5677 | } | ||
5678 | #endif /* IPV6 */ | 5671 | #endif /* IPV6 */ |
5679 | 5672 | ||
5680 | out: | 5673 | out: |
@@ -5686,15 +5679,11 @@ __initcall(selinux_nf_ip_init); | |||
5686 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE | 5679 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE |
5687 | static void selinux_nf_ip_exit(void) | 5680 | static void selinux_nf_ip_exit(void) |
5688 | { | 5681 | { |
5689 | u32 iter; | ||
5690 | |||
5691 | printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); | 5682 | printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); |
5692 | 5683 | ||
5693 | for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) | 5684 | nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); |
5694 | nf_unregister_hook(&selinux_ipv4_ops[iter]); | ||
5695 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 5685 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
5696 | for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) | 5686 | nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops)); |
5697 | nf_unregister_hook(&selinux_ipv6_ops[iter]); | ||
5698 | #endif /* IPV6 */ | 5687 | #endif /* IPV6 */ |
5699 | } | 5688 | } |
5700 | #endif | 5689 | #endif |