Re: decipher the secmark number from nf_conntrack/ip_conntrack

On Friday 2010-09-24 02:24, Tom Eastep wrote:

>On 9/23/10 4:59 PM, Jan Engelhardt wrote:
>
>> 
>> It is not "my" conntrack-utils by any means. If users would not
>> constantly insist on using outdated interfaces (and I _do_ grant
>> things their transition time), and if maintainers would not always
>> give in to these users, we would have less code to worry about, or
>> even have these discussions.
>
>So if the 'conntrack' utility invokes the sid->secctx translation in

As Eric mentioned, sid->secctx translation should already be done in 
the kernel since sid are not meant to be seen/used on the outside, and 
I agree to that if that is how selinux works. (And thus the discussion 
is mostly about whether the secctx is to be reported in procfs, or
via netlink.)

>formatting it's -L output then everyone should be happy. Non-programmers
>get the text output that they want and there is no need to extend the
>deprecated /proc interface.