* Casey Schaufler <[EMAIL PROTECTED]> wrote:
> > So unlike some other security modules like SELINUX, enabling SMACK
> > breaks un-aware userspace and breaks TCP networking?
> >
> > I dont think that's expected behavior - and i'd definitely like to
> > enable SMACK in automated tests to check for regressions, etc.
>
> As Stephen mentions later, Smack uses CIPSO. sshd does not like any IP
> options because of traceroute, and must be built with that check
> disabled with the current Smack version. I have been looking at using
> unlabeled packets for the "ambient" label, it appears that doing so
> would make life simpler. I will get right on it.
ok - feel free to send me any patches to test.
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
