1 files changed, 0 insertions, 27 deletions
diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
index 26301dd651d3..bca1b74a4a2f 100644
--- a/security/selinux/Kconfig
+++ b/security/selinux/Kconfig
@@ -94,33 +94,6 @@ config SECURITY_SELINUX_CHECKREQPROT_VALUE
          If you are unsure how to answer this question, answer 1.
-config SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT
-        bool "NSA SELinux enable new secmark network controls by default"
-        depends on SECURITY_SELINUX
-        default n
-        help
-          This option determines whether the new secmark-based network
-          controls will be enabled by default.  If not, the old internal
-          per-packet controls will be enabled by default, preserving
-          old behavior.
-          If you enable the new controls, you will need updated
-          SELinux userspace libraries, tools and policy.  Typically,
-          your distribution will provide these and enable the new controls
-          in the kernel they also distribute.
-          Note that this option can be overridden at boot with the
-          selinux_compat_net parameter, and after boot via
-          /selinux/compat_net.  See Documentation/kernel-parameters.txt
-          for details on this parameter.
-          If you enable the new network controls, you will likely
-          also require the SECMARK and CONNSECMARK targets, as
-          well as any conntrack helpers for protocols which you
-          wish to control.
-          If you are unsure what to do here, select N.
 config SECURITY_SELINUX_POLICYDB_VERSION_MAX
        bool "NSA SELinux maximum supported policy format version"
        depends on SECURITY_SELINUX

diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig index 26301dd651d3..bca1b74a4a2f 100644 --- a/security/selinux/Kconfig +++ b/security/selinux/Kconfig
@@ -94,33 +94,6 @@ config SECURITY_SELINUX_CHECKREQPROT_VALUE
94		94
95	If you are unsure how to answer this question, answer 1.	95	If you are unsure how to answer this question, answer 1.
96		96
97	config SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT
98	bool "NSA SELinux enable new secmark network controls by default"
99	depends on SECURITY_SELINUX
100	default n
101	help
102	This option determines whether the new secmark-based network
103	controls will be enabled by default. If not, the old internal
104	per-packet controls will be enabled by default, preserving
105	old behavior.
106
107	If you enable the new controls, you will need updated
108	SELinux userspace libraries, tools and policy. Typically,
109	your distribution will provide these and enable the new controls
110	in the kernel they also distribute.
111
112	Note that this option can be overridden at boot with the
113	selinux_compat_net parameter, and after boot via
114	/selinux/compat_net. See Documentation/kernel-parameters.txt
115	for details on this parameter.
116
117	If you enable the new network controls, you will likely
118	also require the SECMARK and CONNSECMARK targets, as
119	well as any conntrack helpers for protocols which you
120	wish to control.
121
122	If you are unsure what to do here, select N.
123
124	config SECURITY_SELINUX_POLICYDB_VERSION_MAX	97	config SECURITY_SELINUX_POLICYDB_VERSION_MAX
125	bool "NSA SELinux maximum supported policy format version"	98	bool "NSA SELinux maximum supported policy format version"
126	depends on SECURITY_SELINUX	99	depends on SECURITY_SELINUX