Re: decipher the secmark number from nf_conntrack/ip_conntrack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




No program hard-depends on "secmark=" (not: no program depends on
procfs/nfct). That field does not show up if you have SECMARK
disabled - it is guarded by #ifdef - so any parsers out there
have to cater for its absence. In other words, it is safe to
remove the field from the output.
Why should that field be removed though - please give me a valid reason? The earlier suggestion, by Eric, was to replace the value of it with its proper text - this is how it should have been done in the first place!


I would prefer for the procfs interface to cease existing. At the
very least to be not added to any more, per consensus
http://markmail.org/message/h7qeomrtjjjtptio
See my earlier reply - I do not see the need to bloat my images and add yet another set of tools for which I have no use whatsoever!

For what? For the dubious privilege to be able to see SELinux contexts in text when I could continue to use secmark in the form in which it should have been designed/developed in the first place - with its proper SELinux context showing instead of that useless number?
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux