From: Paul Moore <paul@xxxxxxxxxxxxxx> Date: Wed, 6 Apr 2016 10:07:27 -0400 > "While marking the LSM hook structure doesn't directly affect the > SELinux netfilter hooks, once we remove the ability to deregister the > LSM hooks we will have no need to support deregistering netfilter > hooks and I expect we will drop that functionality as well to help > decrease the risk of tampering." This is not a reasonable postiion. The performance implications are non-trivial for using netfilter hooks when they aren't actually needed. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
