-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I am trying to clean up my network policy module but some things are unclear. Could anyone shine some light (or correct me) on the below: 1. network interface labels are no longer checked in any scenario (secmark, netlabel, labeled-ipsec) and the netif isid is no longer used. So i can remove my netif types and associate the netif isid with a context reserved for unused isids? 2. Above also applies to node labels (ie. nodes are no longer checked in any scenarion (secmark, netlabel, labeled-ipset) The question is then why is the node isid still working. And why do i need to allow some processes to bind to nodes with the context associated with the node isid? why is the node isid still used? 3. packets are checked with secmark, and you can associate different packet types with different packets) 4. peers are checked with netlabel, but you only need on peer type (ie. you can't associate different peer types with different peers) - -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 https://sks-keyservers.net/pks/lookup?op=get&search=0x314883A202DFF788 Dominick Grift -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQGcBAEBCgAGBQJWBWUbAAoJENAR6kfG5xmciHEL/iRIF1VO4uLwgabP3+YEhw80 exC7tyGPy/qKpYUOB9RWjdzRNVdGYIxj2rYpGRNsTJQXWkdEGcQBkMVsF1YeAJsi 55jtPcyc0R+pcn7abo9FbdeSUtx1Xd99ji6ZajOl0A39PauzMzxYFOE2F6bnVUKn 0C7MgiXCxN2SLya6//v3ZniszwSlEqLrUTkvoaUr92SLbQqUay9xpOhUaGqrwid9 5i6lKnuFihuQEhMuv8OgXfEPjY9WnY/m1MK7LUtU3xvMH6CaQEkuvm/KYwhzwjJG f+wc4dyOX5Ap7W5o10wAcmpcVM3w11mocBt+dkYLXzZkpYFi3GZK3zI4yzRFUEVf tWFspmE30PhAbvpzBSA82k3M5EB66pGYr1gja+I6BC0Ali2Booz8uaGp64SpqNOO 8hlinJu2ZLCq/00NVOITOgzVGUCGMeG2f6U2quze7DJvrIGpnQ1QIEJIPCtBiP8K sY2D4CU+Q587oSueHRf9sxqZmvPUJiNx0zhdIRPnAA== =uvyT -----END PGP SIGNATURE----- _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
