git://ftp.safe.ca / safe / jmp / linux-2.6 / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
selinux: Deprecate and schedule the removal of the the compat_net functionality
[safe/jmp/linux-2.6] / Documentation / feature-removal-schedule.txt
diff --git a/Documentation/feature-removal-schedule.txt b/Documentation/feature-removal-schedule.txt
index dc7c681..a0ed396 100644 (file)
--- a/Documentation/feature-removal-schedule.txt
+++ b/Documentation/feature-removal-schedule.txt
@@ -324,3 +324,15 @@ When:      2.6.29 (ideally) or 2.6.30 (more likely)
 Why:   Deprecated by the new (standard) device driver binding model. Use
        i2c_driver->probe() and ->remove() instead.
 Who:   Jean Delvare <khali@linux-fr.org>
+
+---------------------------
+
+What:  SELinux "compat_net" functionality
+When:  2.6.30 at the earliest
+Why:   In 2.6.18 the Secmark concept was introduced to replace the "compat_net"
+       network access control functionality of SELinux.  Secmark offers both
+       better performance and greater flexibility than the "compat_net"
+       mechanism.  Now that the major Linux distributions have moved to
+       Secmark, it is time to deprecate the older mechanism and start the
+       process of removing the old code.
+Who:   Paul Moore <paul.moore@hp.com>
Full containers within linux kernel