On Friday 2010-09-24 02:24, Tom Eastep wrote:
>On 9/23/10 4:59 PM, Jan Engelhardt wrote:
>
>>
>> It is not "my" conntrack-utils by any means. If users would not
>> constantly insist on using outdated interfaces (and I _do_ grant
>> things their transition time), and if maintainers would not always
>> give in to these users, we would have less code to worry about, or
>> even have these discussions.
>
>So if the 'conntrack' utility invokes the sid->secctx translation in

As Eric mentioned, sid->secctx translation should already be done in
the kernel since sids are not meant to be seen/used on the outside,
and I agree to that if that is how SELinux works.
(And thus the discussion is mostly about whether the secctx is
to be reported in procfs, or via netlink.)

>formatting its -L output then everyone should be happy. Non-programmers
>get the text output that they want and there is no need to extend the
>deprecated /proc interface.