> One item to note: xt_SECMARK.c is presently using selinux-specific
> interfaces for mapping the security context string to a sid originally,
> as well as to check permissions, manage refcounts, etc. So if you use
> the LSM hooks for mapping the secid back to a context, there will be an
> inconsistency in the interface. Likely they should all be LSM hooks and
> both include/linux/selinux.h and security/selinux/exports.c should go
> away.
>

I found a way to alter the iptables source to get that information - see my own thread on the netfilter mailing list here - http://www.spinics.net/lists/netfilter/msg49094.html

Whether the devs responsible for iptables/netfilter would agree to make these changes I am not sure - I patched my own iptables and it works!

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux