From 20510f2f4e2dabb0ff6c13901807627ec9452f98 Mon Sep 17 00:00:00 2001 From: James Morris Date: Tue, 16 Oct 2007 23:31:32 -0700 Subject: security: Convert LSM into a static interface Convert LSM into a static interface, as the ability to unload a security module is not required by in-tree users and potentially complicates the overall security architecture. Needlessly exported LSM symbols have been unexported, to help reduce API abuse. Parameters for the capability and root_plug modules are now specified at boot. The SECURITY_FRAMEWORK_VERSION macro has also been removed. In a nutshell, there is no safe way to unload an LSM. The modular interface is thus unecessary and broken infrastructure. It is used only by out-of-tree modules, which are often binary-only, illegal, abusive of the API and dangerous, e.g. silently re-vectoring SELinux. [akpm@linux-foundation.org: cleanups] [akpm@linux-foundation.org: USB Kconfig fix] [randy.dunlap@oracle.com: fix LSM kernel-doc] Signed-off-by: James Morris Acked-by: Chris Wright Cc: Stephen Smalley Cc: "Serge E. Hallyn" Acked-by: Arjan van de Ven Signed-off-by: Randy Dunlap Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- security/selinux/xfrm.c | 1 - 1 file changed, 1 deletion(-) (limited to 'security/selinux/xfrm.c') diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index ba715f40b658..cb008d9f0a82 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -31,7 +31,6 @@ * 2. Emulating a reasonable SO_PEERSEC across machines * 3. Testing addition of sk_policy's with security context via setsockopt */ -#include #include #include #include -- cgit v1.2.3