Re: Speaking of networking...

On Wednesday 27 February 2008 9:01:31 am James Morris wrote:
> Any further thoughts on how to push the secmark integration forward?
>
> The secmark table patch should allow MAC rules to be administered
> independently, and I know there has been some demand for the new
> (well, now not so new) networking controls.

When I asked this question previously the one thing that came up was 
semanage integration/compatibility.  However, there didn't appear to be 
a consensus as to if that was a good idea because semanage has a rather 
simplistic view of local network controls due to the limitations of the 
legacy netif/node controls.

I'm with you in that I'd really like to see all of the distributions 
shift over to using secmark.  Beyond the normal performance improvement 
of moving to secmark, starting with 2.6.25 having both secmark and the 
new network_peer_controls capability enabled should result in a nice 
performance boost* over the legacy network controls.

* No, I don't have any numbers yet, but looking at the code should 
explain why.

-- 
paul moore
linux security @ hp
