On Mon, Aug 25, 2014 at 10:00 AM, Stepan G. Fedorov <stfedorov@xxxxxxxxx> wrote: > 25.08.2014 17:10, Stephen Smalley пишет: > >> Legacy network checks are gone; use peer labeling or secmark instead, >> http://paulmoore.livejournal.com/tag/documentation > > > Thank you for quick reply! > > In case of "just installed" system, where no iptables SECMARK rules present, > and no labeled packets arrive on network interface - what will be selinux > contexts of all incoming packets? In this case the incoming packets would be labeled "unlabeled_t", just like any other unlabeled data on the system. -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
