On Tuesday 12 February 2008 9:37:21 am Christopher J. PeBenito wrote:
> On Fri, 2008-02-08 at 16:25 -0500, paul.moore@xxxxxx wrote:
> > plain text document attachment (refpol-secmark_perms_fix)
> > There is really no need for the SECMARK policy hack in the
> > kernel_sendrecv_unlabeled_association() interface since we already have
> > an interface call, kernel_sendrecv_unlabeled_packets(), which handles the
> > unlabeled SECMARK case. Remove the hack and use the
> > kernel_sendrecv_unlabeled_packets() where appropriate.
>
> I don't think this is any better as, in reality, there should be no
> mixing of secmark rules with labeled networking rules since they are
> orthogonal.

First, thanks for merging the other changes.

Second, I suppose you are right about these changes, mixing them (never
thought about it that way which is kinda funny everything considered)
probably isn't the best thing to do long term.

Thanks.

--
paul moore
linux security @ hp