Re: decipher the secmark number from nf_conntrack/ip_conntrack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




I use it a lot via 'cat' and Shorewall (via 'shorewall show
connections'). I use it for one particular reason - to track
SELinux contexts (text, NOT numbers!) on active connections. So, am
I going to see the SELinux context for each connection in text
without the need to use conntrack-utils or not (simple 'yes' or
'no' answer will do)?

That's like saying we need /proc/self/df just so that we can know the
fill state of disks without resorting to a userspace tool (oooh~ god forbid!).
What is that suppose to mean? Are you suggesting that for the dubious privilege of seeing secmark=<selctx> - the way it should have been developed in the first place - as oppose to secmark=XXX as was the case up until now, I have to install your set of tools? I don't think so!
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux