diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-07-26 20:48:15 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-07-26 20:48:15 -0400 |
| commit | 6c5a9d2e1599a099b0e47235a1c1502162b14310 (patch) | |
| tree | 517e577b1485b8a40458cff1e3780eab556f4749 /security | |
| parent | e40f51a36a6ca718e829c0933ab1e79333ac932e (diff) | |
selinux: use nf_register_hooks()
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/hooks.c | 27 |
1 files changed, 8 insertions, 19 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 63f131fc42e4..df0515dd4d12 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -5670,27 +5670,20 @@ static struct nf_hook_ops selinux_ipv6_ops[] = { | |||
| 5670 | static int __init selinux_nf_ip_init(void) | 5670 | static int __init selinux_nf_ip_init(void) |
| 5671 | { | 5671 | { |
| 5672 | int err = 0; | 5672 | int err = 0; |
| 5673 | u32 iter; | ||
| 5674 | 5673 | ||
| 5675 | if (!selinux_enabled) | 5674 | if (!selinux_enabled) |
| 5676 | goto out; | 5675 | goto out; |
| 5677 | 5676 | ||
| 5678 | printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); | 5677 | printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); |
| 5679 | 5678 | ||
| 5680 | for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) { | 5679 | err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); |
| 5681 | err = nf_register_hook(&selinux_ipv4_ops[iter]); | 5680 | if (err) |
| 5682 | if (err) | 5681 | panic("SELinux: nf_register_hooks for IPv4: error %d\n", err); |
| 5683 | panic("SELinux: nf_register_hook for IPv4: error %d\n", | ||
| 5684 | err); | ||
| 5685 | } | ||
| 5686 | 5682 | ||
| 5687 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 5683 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
| 5688 | for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) { | 5684 | err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops)); |
| 5689 | err = nf_register_hook(&selinux_ipv6_ops[iter]); | 5685 | if (err) |
| 5690 | if (err) | 5686 | panic("SELinux: nf_register_hooks for IPv6: error %d\n", err); |
| 5691 | panic("SELinux: nf_register_hook for IPv6: error %d\n", | ||
| 5692 | err); | ||
| 5693 | } | ||
| 5694 | #endif /* IPV6 */ | 5687 | #endif /* IPV6 */ |
| 5695 | 5688 | ||
| 5696 | out: | 5689 | out: |
| @@ -5702,15 +5695,11 @@ __initcall(selinux_nf_ip_init); | |||
| 5702 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE | 5695 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE |
| 5703 | static void selinux_nf_ip_exit(void) | 5696 | static void selinux_nf_ip_exit(void) |
| 5704 | { | 5697 | { |
| 5705 | u32 iter; | ||
| 5706 | |||
| 5707 | printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); | 5698 | printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); |
| 5708 | 5699 | ||
| 5709 | for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) | 5700 | nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); |
| 5710 | nf_unregister_hook(&selinux_ipv4_ops[iter]); | ||
| 5711 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 5701 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
| 5712 | for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) | 5702 | nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops)); |
| 5713 | nf_unregister_hook(&selinux_ipv6_ops[iter]); | ||
| 5714 | #endif /* IPV6 */ | 5703 | #endif /* IPV6 */ |
| 5715 | } | 5704 | } |
| 5716 | #endif | 5705 | #endif |