On Fri, Apr 1, 2022 at 10:29 AM Petr Lautrbach <plautrba@xxxxxxxxxx> wrote:
>
> https://github.com/SELinuxProject/selinux/pull/349
>
> It's too big to be posted on this ML.
>

I just glanced quickly and one thing stuck out to me. It looks like relabelfrom on sockets is marked as 10. The theory on using 10 for relabeling of files is that the full contents of the file are, of course, immediately available under a new context after relabeling and thus represent a large flow of information. The same is not true of a socket. Yes, subsequent send / recv from that socket would yield data, but the actual relabel seems, to me, to not transfer much data.

Karl