On Monday, June 06, 2011 07:22:43 PM Pablo Neira Ayuso wrote:
> On 06/06/11 15:10, Mr Dash Four wrote:
> >> Exactly my point. There is no leak if it's text or numeric.
> >
> > No, there is no leak if it is a text, but there *is* a leak if it is a
> > numeric. I think I've made that quite clear.
>
> We don't use numeric secmark anymore in nf_conntrack. Not very familiar
> with SELinux, but I remember that the convention was not to provide
> internal numeric values.

All of the audit system records the numbers if conversion fails. We want it
as forensic evidence or troubleshooting information as the case may be.

-Steve