On Wed, 2007-05-23 at 15:11 -0700, Ken wrote: > I became interested in SELinux primarily to increase the level of > security I have when I am connected to the Internet, and until recently > I have not allowed kernel_t to send or receive rawip over the Internet. > I have recently allowed this because I was having difficulty making an > online payment without this enabled. Since enabling this, I have > wondered what the security implications of allowing kernel_t to send and > receive rawip on the Internet are; Its normal behavior, the kernel needs the permission so can handle ICMP traffic, e.g. ping replies, destination unreachable, etc. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
