Merge commit 'v2.6.30' into for-2.6.31

[safe/jmp/linux-2.6] / security / selinux / Kconfig

diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
index 23b5104..bca1b74 100644 (file)
--- a/security/selinux/Kconfig
+++ b/security/selinux/Kconfig
@@ -6,9 +6,6 @@ config SECURITY_SELINUX
        help
          This selects NSA Security-Enhanced Linux (SELinux).
          You will also need a policy configuration and a labeled filesystem.
-         You can obtain the policy compiler (checkpolicy), the utility for
-         labeling filesystems (setfiles), and an example policy configuration
-         from <http://www.nsa.gov/selinux/>.
          If you are unsure how to answer this question, answer N.
 
 config SECURITY_SELINUX_BOOTPARAM
@@ -97,33 +94,6 @@ config SECURITY_SELINUX_CHECKREQPROT_VALUE
 
          If you are unsure how to answer this question, answer 1.
 
-config SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT
-       bool "NSA SELinux enable new secmark network controls by default"
-       depends on SECURITY_SELINUX
-       default n
-       help
-         This option determines whether the new secmark-based network
-         controls will be enabled by default.  If not, the old internal
-         per-packet controls will be enabled by default, preserving
-         old behavior.
-
-         If you enable the new controls, you will need updated
-         SELinux userspace libraries, tools and policy.  Typically,
-         your distribution will provide these and enable the new controls
-         in the kernel they also distribute.
-
-         Note that this option can be overridden at boot with the
-         selinux_compat_net parameter, and after boot via
-         /selinux/compat_net.  See Documentation/kernel-parameters.txt
-         for details on this parameter.
-
-         If you enable the new network controls, you will likely
-         also require the SECMARK and CONNSECMARK targets, as
-         well as any conntrack helpers for protocols which you
-         wish to control.
-
-         If you are unsure what to do here, select N.
-
 config SECURITY_SELINUX_POLICYDB_VERSION_MAX
        bool "NSA SELinux maximum supported policy format version"
        depends on SECURITY_SELINUX
@@ -137,7 +107,7 @@ config SECURITY_SELINUX_POLICYDB_VERSION_MAX
 
          Examples:
          For the Fedora Core 3 or 4 Linux distributions, enable this option
-         and set the value via the next option. For Fedore Core 5 and later,
+         and set the value via the next option. For Fedora Core 5 and later,
          do not enable this option.
 
          If you are unsure how to answer this question, answer N.
@@ -145,7 +115,7 @@ config SECURITY_SELINUX_POLICYDB_VERSION_MAX
 config SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE
        int "NSA SELinux maximum supported policy format version value"
        depends on SECURITY_SELINUX_POLICYDB_VERSION_MAX
-       range 15 21
+       range 15 23
        default 19
        help
          This option sets the value for the maximum policy format version