[PATCH] selinux: use nf_register

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] selinux: use nf_register_hooks()
@ 2008-07-21 16:25 Alexey Dobriyan
  2008-07-21 16:30 ` Patrick McHardy
  0 siblings, 1 reply; 4+ messages in thread
From: Alexey Dobriyan @ 2008-07-21 16:25 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel, sds, jmorris, eparis

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
---

 security/selinux/hooks.c |   27 ++++++++-------------------
 1 file changed, 8 insertions(+), 19 deletions(-)

--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5670,27 +5670,20 @@ static struct nf_hook_ops selinux_ipv6_ops[] = {
 static int __init selinux_nf_ip_init(void)
 {
 	int err = 0;
-	u32 iter;
 
 	if (!selinux_enabled)
 		goto out;
 
 	printk(KERN_DEBUG "SELinux:  Registering netfilter hooks\n");
 
-	for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) {
-		err = nf_register_hook(&selinux_ipv4_ops[iter]);
-		if (err)
-			panic("SELinux: nf_register_hook for IPv4: error %d\n",
-			      err);
-	}
+	err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
+	if (err)
+		panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);
 
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-	for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) {
-		err = nf_register_hook(&selinux_ipv6_ops[iter]);
-		if (err)
-			panic("SELinux: nf_register_hook for IPv6: error %d\n",
-			      err);
-	}
+	err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
+	if (err)
+		panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
 #endif	/* IPV6 */
 
 out:
@@ -5702,15 +5695,11 @@ __initcall(selinux_nf_ip_init);
 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
 static void selinux_nf_ip_exit(void)
 {
-	u32 iter;
-
 	printk(KERN_DEBUG "SELinux:  Unregistering netfilter hooks\n");
 
-	for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++)
-		nf_unregister_hook(&selinux_ipv4_ops[iter]);
+	nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-	for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++)
-		nf_unregister_hook(&selinux_ipv6_ops[iter]);
+	nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
 #endif	/* IPV6 */
 }
 #endif
-- 
1.5.4.5



^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] selinux: use nf_register_hooks()
  2008-07-21 16:25 [PATCH] selinux: use nf_register_hooks() Alexey Dobriyan
@ 2008-07-21 16:30 ` Patrick McHardy
  2008-07-21 21:27   ` James Morris
  0 siblings, 1 reply; 4+ messages in thread
From: Patrick McHardy @ 2008-07-21 16:30 UTC (permalink / raw)
  To: Alexey Dobriyan; +Cc: netfilter-devel, sds, jmorris, eparis

Alexey Dobriyan wrote:
> Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
> ---
> 
>  security/selinux/hooks.c |   27 ++++++++-------------------
>  1 file changed, 8 insertions(+), 19 deletions(-)

I can pick this up or it can go through the SELinux tree.
Stephen, James?


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] selinux: use nf_register_hooks()
  2008-07-21 16:30 ` Patrick McHardy
@ 2008-07-21 21:27   ` James Morris
  2008-07-26 22:40     ` Patrick McHardy
  0 siblings, 1 reply; 4+ messages in thread
From: James Morris @ 2008-07-21 21:27 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Alexey Dobriyan, netfilter-devel, sds, eparis

On Mon, 21 Jul 2008, Patrick McHardy wrote:

> Alexey Dobriyan wrote:
> > Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
> > ---
> > 
> >  security/selinux/hooks.c |   27 ++++++++-------------------
> >  1 file changed, 8 insertions(+), 19 deletions(-)
> 
> I can pick this up or it can go through the SELinux tree.
> Stephen, James?

Probably simplest for you to take it while I'm travelling.

Acked-by: James Morris <jmorris@namei.org>


-- 
James Morris
<jmorris@namei.org>

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] selinux: use nf_register_hooks()
  2008-07-21 21:27   ` James Morris
@ 2008-07-26 22:40     ` Patrick McHardy
  0 siblings, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2008-07-26 22:40 UTC (permalink / raw)
  To: James Morris; +Cc: Alexey Dobriyan, netfilter-devel, sds, eparis

James Morris wrote:
> On Mon, 21 Jul 2008, Patrick McHardy wrote:
> 
>> Alexey Dobriyan wrote:
>>> Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
>>> ---
>>>
>>>  security/selinux/hooks.c |   27 ++++++++-------------------
>>>  1 file changed, 8 insertions(+), 19 deletions(-)
>> I can pick this up or it can go through the SELinux tree.
>> Stephen, James?
> 
> Probably simplest for you to take it while I'm travelling.

Applied, thanks.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2008-07-26 22:40 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-07-21 16:25 [PATCH] selinux: use nf_register_hooks() Alexey Dobriyan
2008-07-21 16:30 ` Patrick McHardy
2008-07-21 21:27   ` James Morris
2008-07-26 22:40     ` Patrick McHardy

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.