On Mon, Jul 27, 2020 at 9:57 AM Dominick Grift <dominick.grift@xxxxxxxxxxx> wrote: > > Probably nothing but I did not understand this: Is reception not > controlled with the netif ingress permission? Yes, the netif/ingress and node/recvfrom permissions are checked when packets are received; in both cases the subject is the peer labels (think the security context of the remote network peer) and the objects are the network interface's label or network node's label, respectively. This is pretty old, almost twelve years old, but it should still be accurate: * https://www.paul-moore.com/blog/d/2008/12/network_ingress_egress_controls.html -- paul moore www.paul-moore.com
