On Thu, Sep 23, 2010 at 4:18 PM, Mr Dash Four <mr.dash.four@xxxxxxxxxxxxxx> wrote:
>
>>> What happens to the new /nf(s)_conntrack
>>>
>>
>> If anything, secmark=x be removed. Abusing procfs is deprecated.
>> No userspace program depends on it.
>>
>
> I've just read the above again. Are you actually suggesting that no program
> in userspace uses /proc/net/nf_conntrack? If so, you are mistaken my friend!
>
> I use it a lot via 'cat' and Shorewall (via 'shorewall show connections'). I
> use it for one particular reason - to track SELinux contexts (text, NOT
> numbers!) on active connections.
>
> So, am I going to see the SELinux context for each connection in text
> without the need to use conntrack-utils or not (simple 'yes' or 'no' answer
> will do)?

I will send a patch series for which the answer is 'yes' and we shall see
what everyone agrees to commit.

-Eric