On Tuesday 08 April 2008 6:24:52 am jamal wrote:
> On Mon, 2008-07-04 at 19:16 -0400, Paul Moore wrote:
> > The xfrm_get_policy() and xfrm_add_pol_expire() put some rather
> > large structs on the stack to work around the LSM API.
>
> You missed a spot which applies similar logic:
> net/key/af_key.c::pfkey_spddelete()

Thanks, I'll check all the pfkey bits to see if anything else jumps out
too ... and figure out why my config wasn't building pfkey :)

--
paul moore
linux @ hp