On Thursday 2010-09-23 22:56, Mr Dash Four wrote:
>
>>>> I use it a lot via 'cat' and Shorewall (via 'shorewall show
>>>> connections'). I use it for one particular reason - to track
>>>> SELinux contexts (text, NOT numbers!) on active connections. So, am
>>>> I going to see the SELinux context for each connection in text
>>>> without the need to use conntrack-utils or not (simple 'yes' or
>>>> 'no' answer will do)?
>>>>
>>
>> That's like saying we need /proc/self/df just so that we can know the
>> fill state of disks without resorting to a userspace tool (oooh~ god forbid!).
>
> What is that supposed to mean? Are you suggesting that for the dubious privilege
> of seeing secmark=<selctx> - the way it should have been developed in the first
> place - as opposed to secmark=XXX as was the case up until now, I have to
> install your set of tools? I don't think so!

The trend is clear. If we were procfs fanboys, we would not need sysfs.
Or securityfs. Or debugfs. We'd have everything in /proc.

You can think whatever you want. It's just hypocritical wanting
to add a feature to an infrastructure that practically every
developer consented to not abuse further.