So if the 'conntrack' utility invokes the sid->secctx translation in
formatting it's -L output then everyone should be happy. Non-programmers
get the text output that they want and there is no need to extend the
deprecated /proc interface.
The point I am making (well, actually, two points) is this:
1) The existing /proc interface has secmark, albeit showing the wrong
output/field, whatever you want to call it and, for me, that isn't right
and needs to be fixed; and
2) Why should I have bloat my system any further and install yet another
set of tools (which will have no further use apart from 'conntrack -L')
when I can get exactly the same functionality via the OS without further
hassle of having to maintain the said set of tools?
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html