What happens to the new /nf(s)_conntrack
If anything, secmark=x be removed. Abusing procfs is deprecated.
No userspace program depends on it.
Sorry, but I've never suggested that useless number be kept in any shape
or form anywhere (please read my posts on this very thread)!
There was a patch from Eric (I think about 2 days ago) showing
secmark=<selctx> in the output of nfs_conntrack and I assumed that will
be adopted. Is that no longer the case and if so why?
and iptables -L?
As was said earlier (by Eric?), the secmark/u32 value is useless and
that secname (aka. selctx) should only ever be used. That is
already the case with x_tables.
I've never suggested that the u32 was ever useful (it was actually you,
who asked me to devise a patch translating it into the actual text when
I suggested that this number is pretty useless, remember?).
Again, I assume that when I use "cat /proc/net/nf(s)_conntrack" I would
be able to see the proper translation of the SELinux context for all
connections and not that useless number (the whole reason for me
starting this thread). I think I've made myself perfectly clear on this.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
