277d342fc4
This patch is the first step towards removing the old "compat_net" code from the kernel. Secmark, the "compat_net" replacement was first introduced in 2.6.18 (September 2006) and the major Linux distributions with SELinux support have transitioned to Secmark so it is time to start deprecating the "compat_net" mechanism. Testing a patched version of 2.6.28-rc6 with the initial release of Fedora Core 5 did not show any problems when running in enforcing mode. This patch adds an entry to the feature-removal-schedule.txt file and removes the SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT configuration option, forcing Secmark on by default although it can still be disabled at runtime. The patch also makes the Secmark permission checks "dynamic" in the sense that they are only executed when Secmark is configured; this should help prevent problems with older distributions that have not yet migrated to Secmark. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> |
||
|---|---|---|
| .. | ||
| include | ||
| ss | ||
| avc.c | ||
| exports.c | ||
| hooks.c | ||
| Kconfig | ||
| Makefile | ||
| netif.c | ||
| netlabel.c | ||
| netlink.c | ||
| netnode.c | ||
| netport.c | ||
| nlmsgtab.c | ||
| selinuxfs.c | ||
| xfrm.c | ||