On Sunday 11 November 2007 5:31:44 pm James Morris wrote: > On Fri, 9 Nov 2007, Paul Moore wrote: > > Add additional Flask definitions to support the new "peer" object class. > > Should this be dependent on dynamic class/permission support? I think it's okay to _define_ the Flask definitions regardless of what the policy supports as older policies should simply ignore these definitions. > Or, will these checks only be invoked if labled networking is configured? Bingo! Look at patch 7/13, specifically the 'selinux_policycap_netpeer' variable and then at patch 9/13 where the new access checks are made conditional on this variable. The whole mess needs more testing and verification, but "in theory" it shouldn't cause any breakage with older policies ... if someone does notice something broken please scream loudly. -- paul moore linux security @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
