On Fri, Dec 2, 2016 at 12:40 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > I suppose a further question on this patch is whether it should also add > new classes for ICMP, IGMP, and SCTP sockets (any others that are > presently mapped to SECCLASS_RAWIP_SOCKET that ought to be given their > own class?). In the SCTP case, this would at least allow them to be > distinguished, but we would still lack the full support added by the > separate SCTP patchset. For the record, I'm okay with this patch and I agree that the compatibility concerns aren't likely to be significant. However, I would like to continue the discussion on the idea to include classes for ICMP, IGMP, and SCTP. I haven't looked into ICMP or IGMP, but considering the changes necessary for SCTP I think it is okay to leave SCTP out for now and add it in with proper SCTP support (and its own policy capability). Stephen, I'm assuming you feel the same since you left that out of the patch? -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
