Re: [refpolicy] [PATCH] refpolicy: Add missing network related MLS constraints

chanson@xxxxxxxxxxxxx wrote:
>  
> Traditionally network objects in a MLS system are not usually subject to
> the usual privilege overrides.
Hum. That wasn't true of Trusted Irix where sockets were the network
objects.
Of course, you can only apply privilege on the sending end because the
privilege state isn't transmitted.

On Smack the network object is the process, and privilege is required to
muck with the attributes of your own sockets, but otherwise it's the same,
again the privilege isn't getting transmitted, so you can't determine if
it's there on the other end.

If you want to transmit the privilege state, and SELinux (appears to)
allow that, you really ought to allow for that on the other end.

