On 13.10.2010 22:24, Eric Paris wrote:
> The conntrack code can export the internal secid to userspace. These are
> dynamic, can change on lsm changes, and have no meaning in userspace. We
> should instead be sending lsm contexts to userspace instead. This patch sends
> the secctx (rather than secid) to userspace over the netlink socket. We use a
> new field CTA_SECCTX and stop using the old CTA_SECMARK field since it did
> not send particularly useful information.
>
> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
> Reviewed-by: Paul Moore <paul.moore@xxxxxx>

Acked-by: Patrick McHardy <kaber@xxxxxxxxx>