On Thursday 01 October 2009 08:32:40 am Stephen Smalley wrote: > On Thu, 2009-10-01 at 07:46 +1000, James Morris wrote: > > On Wed, 30 Sep 2009, Stephen Smalley wrote: > > > Does anyone think we still need to support policy versions < > > > POLICYDB_VERSION_NLCLASS (18)? If not, then we can just drop the > > > dynamic remapping of netlink classes in the security server: > > > if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS) > > > if (tclass >= SECCLASS_NETLINK_ROUTE_SOCKET && > > > tclass <= SECCLASS_NETLINK_DNRT_SOCKET) > > > tclass = SECCLASS_NETLINK_SOCKET; > > > > > > I think RHEL4 shipped with policy.18. > > > > Was any distro shipped with a lower policy version? If not, then I think > > it should be ok. > > policy.18 was first supported by Linux 2.6.8. > I think the only distro to ship with SELinux enabled and Linux < 2.6.8 > would have been Fedora Core 2, which is long since EOL'd and even akpm > doesn't run it anymore. Not sure about Hardened Gentoo - Chris and/or > Joshua? Debian selinux packages predated Fedora, of course, but weren't > mainstreamed into Debian until much later. > > I didn't yet remove this logic in my patches, but will do so if there > are no objections. I'm sure you've already thought about this, but if you do remove the code for policy versions below 18 I would recommend doing so in a standalone patch - that way if somebody does end up with a broken system the bisect will only drag down the policy.18 patch and not the rest of these patches (which are going to be a very nice addition). -- paul moore linux @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
