1. 03 Apr, 2009 1 commit
  2. 01 Apr, 2009 1 commit
  3. 30 Mar, 2009 1 commit
  4. 28 Mar, 2009 4 commits
  5. 20 Mar, 2009 1 commit
  6. 13 Mar, 2009 2 commits
  7. 09 Mar, 2009 1 commit
  8. 29 Jan, 2009 1 commit
  9. 07 Jan, 2009 1 commit
  10. 02 Jan, 2009 1 commit
  11. 31 Dec, 2008 1 commit
    • Paul Moore's avatar
      selinux: Deprecate and schedule the removal of the the compat_net functionality · 277d342f
      Paul Moore authored
      This patch is the first step towards removing the old "compat_net" code from
      the kernel.  Secmark, the "compat_net" replacement was first introduced in
      2.6.18 (September 2006) and the major Linux distributions with SELinux support
      have transitioned to Secmark so it is time to start deprecating the "compat_net"
      mechanism.  Testing a patched version of 2.6.28-rc6 with the initial release of
      Fedora Core 5 did not show any problems when running in enforcing mode.
      
      This patch adds an entry to the feature-removal-schedule.txt file and removes
      the SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT configuration option, forcing
      Secmark on by default although it can still be disabled at runtime.  The patch
      also makes the Secmark permission checks "dynamic" in the sense that they are
      only executed when Secmark is configured; this should help prevent problems
      with older distributions that have not yet migrated to Secmark.
      Signed-off-by: default avatarPaul Moore <paul.moore@hp.com>
      Acked-by: default avatarJames Morris <jmorris@namei.org>
      277d342f
  12. 12 Dec, 2008 1 commit
  13. 11 Nov, 2008 1 commit
  14. 31 Oct, 2008 1 commit
  15. 22 Oct, 2008 1 commit
  16. 16 Oct, 2008 1 commit
    • Bjorn Helgaas's avatar
      vsprintf: use new vsprintf symbolic function pointer format · c80cfb04
      Bjorn Helgaas authored
      Use the '%pF' format to get rid of an "#ifdef DEBUG" and make some printks
      atomic.
      
      This removes the last in-tree uses of print_fn_descriptor_symbol().  I
      marked print_fn_descriptor_symbol() deprecated and scheduled it for
      removal next year to give time for out-of-tree modules to be updated.
      
      parisc's print_fn_descriptor_symbol() is currently broken there (it needs
      to dereference the function pointer similar to ia64 and power).  This
      patch shouldn't make anything worse, but it means we need to fix
      dereference_function_descriptor() instead of print_fn_descriptor_symbol()
      to get meaningful initcall_debug output.
      Signed-off-by: default avatarBjorn Helgaas <bjorn.helgaas@hp.com>
      Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
      Cc: Kyle McMartin <kyle@mcmartin.ca>
      Cc: "Rafael J. Wysocki" <rjw@sisk.pl>
      Cc: Kay Sievers <kay.sievers@vrfy.org>
      Cc: Greg KH <greg@kroah.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      c80cfb04
  17. 14 Oct, 2008 1 commit
  18. 13 Oct, 2008 1 commit
  19. 08 Oct, 2008 1 commit
  20. 15 Sep, 2008 1 commit
    • Luis R. Rodriguez's avatar
      cfg80211: Add new wireless regulatory infrastructure · b2e1b302
      Luis R. Rodriguez authored
      This adds the new wireless regulatory infrastructure. The
      main motiviation behind this was to centralize regulatory
      code as each driver was implementing their own regulatory solution,
      and to replace the initial centralized code we have where:
      
      * only 3 regulatory domains are supported: US, JP and EU
      * regulatory domains can only be changed through module parameter
      * all rules were built statically in the kernel
      
      We now have support for regulatory domains for many countries
      and regulatory domains are now queried through a userspace agent
      through udev allowing distributions to update regulatory rules
      without updating the kernel.
      
      Each driver can regulatory_hint() a regulatory domain
      based on either their EEPROM mapped regulatory domain value to a
      respective ISO/IEC 3166-1 country code or pass an internally built
      regulatory domain. We also add support to let the user set the
      regulatory domain through userspace in case of faulty EEPROMs to
      further help compliance.
      
      Support for world roaming will be added soon for cards capable of
      this.
      
      For more information see:
      
      http://wireless.kernel.org/en/developers/Regulatory/CRDA
      
      For now we leave an option to enable the old module parameter,
      ieee80211_regdom, and to build the 3 old regdomains statically
      (US, JP and EU). This option is CONFIG_WIRELESS_OLD_REGULATORY.
      These old static definitions and the module parameter is being
      scheduled for removal for 2.6.29. Note that if you use this
      you won't make use of a world regulatory domain as its pointless.
      If you leave this option enabled and if CRDA is present and you
      use US or JP we will try to ask CRDA to update us a regulatory
      domain for us.
      Signed-off-by: default avatarLuis R. Rodriguez <lrodriguez@atheros.com>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      b2e1b302
  21. 10 Sep, 2008 1 commit
  22. 12 Aug, 2008 1 commit
  23. 11 Aug, 2008 1 commit
  24. 27 Jul, 2008 1 commit
  25. 25 Jul, 2008 1 commit
  26. 24 Jul, 2008 1 commit
  27. 21 Jul, 2008 1 commit
    • Krzysztof Piotr Oledzki's avatar
      netfilter: accounting rework: ct_extend + 64bit counters (v4) · 58401572
      Krzysztof Piotr Oledzki authored
      Initially netfilter has had 64bit counters for conntrack-based accounting, but
      it was changed in 2.6.14 to save memory. Unfortunately in-kernel 64bit counters are
      still required, for example for "connbytes" extension. However, 64bit counters
      waste a lot of memory and it was not possible to enable/disable it runtime.
      
      This patch:
       - reimplements accounting with respect to the extension infrastructure,
       - makes one global version of seq_print_acct() instead of two seq_print_counters(),
       - makes it possible to enable it at boot time (for CONFIG_SYSCTL/CONFIG_SYSFS=n),
       - makes it possible to enable/disable it at runtime by sysctl or sysfs,
       - extends counters from 32bit to 64bit,
       - renames ip_conntrack_counter -> nf_conn_counter,
       - enables accounting code unconditionally (no longer depends on CONFIG_NF_CT_ACCT),
       - set initial accounting enable state based on CONFIG_NF_CT_ACCT
       - removes buggy IPCT_COUNTER_FILLING event handling.
      
      If accounting is enabled newly created connections get additional acct extend.
      Old connections are not changed as it is not possible to add a ct_extend area
      to confirmed conntrack. Accounting is performed for all connections with
      acct extend regardless of a current state of "net.netfilter.nf_conntrack_acct".
      Signed-off-by: default avatarKrzysztof Piotr Oledzki <ole@ans.pl>
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      58401572
  28. 14 Jul, 2008 2 commits
  29. 02 Jul, 2008 1 commit
  30. 25 Jun, 2008 1 commit
  31. 15 May, 2008 1 commit
  32. 30 Apr, 2008 1 commit
  33. 28 Apr, 2008 1 commit
  34. 21 Apr, 2008 1 commit
  35. 19 Apr, 2008 1 commit