Hi all,

Is anyone here familiar with Netlabel? I am trying to label network packets using CIPSO tags from an LSM module. Rather than using the Netlink interface to configure Netlabel from userspace, I try to set up everything from kernelspace. The way I initialize netlabel is similar to what smack does in smk_cipso_doi() (security/smack/smackfs.c).

What I am trying to do is the following:

- no packet should ever get dropped
- unlabeled packets can stay unlabeled, I don't need to assign them any DOI
- labeled packets carry information that is only useful to my LSM module (bitmaps)

Now, every time I label a socket, packets get dropped. I read in the RFC about configuration settings such as HOST_LABEL_MAX and so on, but as far as I understand, it is up to the module itself to make such verifications.

Is netlabel enforcing any sort of policy here? Is there any way I can configure netlabel to never drop packets?

Kind regards,
--
Christophe