diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-26 20:17:56 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-26 20:17:56 -0700 |
commit | 228428428138e231a155464239880201e5cc8b44 (patch) | |
tree | 89b437f5501d03ca36b717e232337426d0de77ca /security/selinux | |
parent | 78681ac08a611313595d13cafabae1183b71ef48 (diff) | |
parent | 6c3b8fc618905d7599dcc514c99ce4293d476f39 (diff) | |
download | lwn-228428428138e231a155464239880201e5cc8b44.tar.gz lwn-228428428138e231a155464239880201e5cc8b44.zip |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
netns: fix ip_rt_frag_needed rt_is_expired
netfilter: nf_conntrack_extend: avoid unnecessary "ct->ext" dereferences
netfilter: fix double-free and use-after free
netfilter: arptables in netns for real
netfilter: ip{,6}tables_security: fix future section mismatch
selinux: use nf_register_hooks()
netfilter: ebtables: use nf_register_hooks()
Revert "pkt_sched: sch_sfq: dump a real number of flows"
qeth: use dev->ml_priv instead of dev->priv
syncookies: Make sure ECN is disabled
net: drop unused BUG_TRAP()
net: convert BUG_TRAP to generic WARN_ON
drivers/net: convert BUG_TRAP to generic WARN_ON
Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/hooks.c | 27 |
1 files changed, 8 insertions, 19 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3481cde5bf15..da36dac6535f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -5654,27 +5654,20 @@ static struct nf_hook_ops selinux_ipv6_ops[] = { static int __init selinux_nf_ip_init(void) { int err = 0; - u32 iter; if (!selinux_enabled) goto out; printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); - for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) { - err = nf_register_hook(&selinux_ipv4_ops[iter]); - if (err) - panic("SELinux: nf_register_hook for IPv4: error %d\n", - err); - } + err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); + if (err) + panic("SELinux: nf_register_hooks for IPv4: error %d\n", err); #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) - for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) { - err = nf_register_hook(&selinux_ipv6_ops[iter]); - if (err) - panic("SELinux: nf_register_hook for IPv6: error %d\n", - err); - } + err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops)); + if (err) + panic("SELinux: nf_register_hooks for IPv6: error %d\n", err); #endif /* IPV6 */ out: @@ -5686,15 +5679,11 @@ __initcall(selinux_nf_ip_init); #ifdef CONFIG_SECURITY_SELINUX_DISABLE static void selinux_nf_ip_exit(void) { - u32 iter; - printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); - for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) - nf_unregister_hook(&selinux_ipv4_ops[iter]); + nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) - for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) - nf_unregister_hook(&selinux_ipv6_ops[iter]); + nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops)); #endif /* IPV6 */ } #endif |