On Thursday 15 November 2007 9:26:53 am Christopher J. PeBenito wrote:
> Perhaps. Though I thought that dropping the sendto check was being
> considered, since it really doesn't gain anything.

Yes, Darrel and Venkat (both added to the CC line) proposed removing the IPsec sendto check and it sounds reasonable to me. I believe this will be part of the upcoming flow control patches; if not, we should probably make this change for 2.6.25 so we can trigger it with the new netpeer capability.

Regardless, the refpol will most likely need to continue to support the sendto check for some time to preserve proper behavior with older kernels.

--
paul moore
linux security @ hp