On 5/16/2017 1:41 PM, Stephen Smalley wrote: > On Tue, 2017-05-16 at 14:43 -0400, Stephen Smalley wrote: >> On Mon, 2017-05-15 at 23:42 +0300, Dan Jurgens wrote: >>> From: Daniel Jurgens <danielj@xxxxxxxxxxxx> >>> >>> >>> + case OCON_IBPKEY: >>> + /* The subnet prefix is in >>> network >>> order */ >>> + for (j = 0; j < 4; j++) >>> + buf[j] = c- >>>> u.ibpkey.subnet_prefix[j]; >> Kernel write code always writes [2] and [3] as 0. > This btw again raises the question of whether it worth storing them in > the binary policy at all. Done, just store the upper 8 bytes in the policy now.
