On 06/08/12 13:36, Paul Moore wrote:
> On Thursday, June 07, 2012 02:28:02 PM Chris PeBenito wrote:
>> Update the always_check_network policy capability which, when enabled,
>> treats peer labeling as enabled, even if there is no Netlabel or
>> labeled IPSEC configuration.
>>
>> Signed-off-by: Chris PeBenito <cpebenito@xxxxxxxxxx>
>
> ...
>
>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
>> index ec7151b..e8f612e 100644
>> --- a/security/selinux/hooks.c
>> +++ b/security/selinux/hooks.c
>> @@ -149,6 +149,24 @@ static int selinux_secmark_enabled(void)
>> +static int selinux_peerlbl_enabled(void)
>> +{
>> + if (selinux_policycap_alwaysnetwork)
>> + return 1;
>> + else
>> + return (netlbl_enabled() || selinux_xfrm_enabled());
>> +}
>
> Why not make this more consistent?
>
> return (selinux_policycap_alwaysnetwork || ...

Same response as the other patch.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
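Review bot: In the quoted lines, selinux_peerlbl_enabled() has no comment, and the commit message calls the capability always_check_network while the code tests selinux_policycap_alwaysnetwork, so a reader cannot tell from the function that the two are the same thing. A short comment above the function would help. It should name the policy capability and state that a non-zero return means peer labeling is treated as enabled even with no NetLabel or labeled IPsec configuration. Separately, the `else` after `return 1;` is redundant. The body can be one return of the three conditions joined with `||`, as already suggested in the thread.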