On Thu, 2009-10-01 at 07:46 +1000, James Morris wrote:
On Wed, 30 Sep 2009, Stephen Smalley wrote:
Does anyone think we still need to support policy versions <
POLICYDB_VERSION_NLCLASS (18)? If not, then we can just drop the
dynamic remapping of netlink classes in the security server:
if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
if (tclass >= SECCLASS_NETLINK_ROUTE_SOCKET &&
tclass <= SECCLASS_NETLINK_DNRT_SOCKET)
tclass = SECCLASS_NETLINK_SOCKET;
I think RHEL4 shipped with policy.18.
Was any distro shipped with a lower policy version? If not, then I think
it should be ok.
policy.18 was first supported by Linux 2.6.8.
I think the only distro to ship with SELinux enabled and Linux < 2.6.8
would have been Fedora Core 2, which is long since EOL'd and even akpm
doesn't run it anymore. Not sure about Hardened Gentoo - Chris and/or
Joshua? Debian selinux packages predated Fedora, of course, but weren't
mainstreamed into Debian until much later.
I didn't yet remove this logic in my patches, but will do so if there
are no objections.
