On Thursday, June 07, 2012 11:27:00 AM Christopher J. PeBenito wrote: > On 06/07/12 10:28, Paul Moore wrote: > > On Wednesday, June 06, 2012 01:28:51 PM Chris PeBenito wrote: > >> Update the always_check_network policy capability which, when enabled, > >> treats peer labeling as enabled, even if there is no Netlabel or > >> labeled IPSEC configuration. > >> > >> Signed-off-by: Chris PeBenito <cpebenito@xxxxxxxxxx> > > > > I still object to this patchset for all the same old reasons, but I feel > > obligated to point out that this patchset is still incomplete/incorrect in > > that it only deals with the socket_sock_rcv_skb hook. > > I found the missing hooks, but does this need to affect selinux_ip_output()? Nope. > It seems like the answer is no, as it looks like its just applying the > NetLabel on outgoing packets. -- paul moore www.paul-moore.com -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
