Re: [PATCH v4 2/2] selinux: generate flask headers during kernel build

[Joshua Brindle <method@manicmethod.com>]

[-- Attachment #1: Type: text/plain, Size: 1450 bytes --]



Stephen Smalley wrote:
> On Thu, 2009-10-01 at 07:46 +1000, James Morris wrote:
>    
>> On Wed, 30 Sep 2009, Stephen Smalley wrote:
>>
>>      
>>> Does anyone think we still need to support policy versions<
>>> POLICYDB_VERSION_NLCLASS (18)?  If not, then we can just drop the
>>> dynamic remapping of netlink classes in the security server:
>>>          if (policydb_loaded_version<  POLICYDB_VERSION_NLCLASS)
>>>                  if (tclass>= SECCLASS_NETLINK_ROUTE_SOCKET&&
>>>                      tclass<= SECCLASS_NETLINK_DNRT_SOCKET)
>>>                          tclass = SECCLASS_NETLINK_SOCKET;
>>>
>>> I think RHEL4 shipped with policy.18.
>>>        
>> Was any distro shipped with a lower policy version?  If not, then I think
>> it should be ok.
>>      
>
> policy.18 was first supported by Linux 2.6.8.
> I think the only distro to ship with SELinux enabled and Linux<  2.6.8
> would have been Fedora Core 2, which is long since EOL'd and even akpm
> doesn't run it anymore.  Not sure about Hardened Gentoo - Chris and/or
> Joshua?  Debian selinux packages predated Fedora, of course, but weren't
> mainstreamed into Debian until much later.
>
> I didn't yet remove this logic in my patches, but will do so if there
> are no objections.
>
>    

I don't think it matters, the only case where this would come up is if 
you updated your kernel to 2.6.33 and didn't rebuild your policy right? 
I just don't see that happening really.

[-- Attachment #2: Type: text/html, Size: 1953 bytes --]