diff options
author | Eric Paris <eparis@redhat.com> | 2010-10-13 16:24:41 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-10-21 10:12:48 +1100 |
commit | 2606fd1fa5710205b23ee859563502aa18362447 (patch) | |
tree | f79becd7010a2da1a765829fce0e09327cd50531 /net/netfilter/xt_CT.c | |
parent | 15714f7b58011cf3948cab2988abea560240c74f (diff) |
secmark: make secmark object handling generic
Right now secmark has lots of direct selinux calls. Use all LSM calls and
remove all SELinux specific knowledge. The only SELinux specific knowledge
we leave is the mode. The only point is to make sure that other LSMs at
least test this generic code before they assume it works. (They may also
have to make changes if they do not represent labels as strings)
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'net/netfilter/xt_CT.c')
-rw-r--r-- | net/netfilter/xt_CT.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c index 0cb6053f02fd..782e51986a6f 100644 --- a/net/netfilter/xt_CT.c +++ b/net/netfilter/xt_CT.c @@ -9,7 +9,6 @@ #include <linux/module.h> #include <linux/gfp.h> #include <linux/skbuff.h> -#include <linux/selinux.h> #include <linux/netfilter_ipv4/ip_tables.h> #include <linux/netfilter_ipv6/ip6_tables.h> #include <linux/netfilter/x_tables.h> |