On Fri, 12 Aug 2005, Arnaldo Carvalho de Melo wrote: Please do NOT apply these changes to the SELinux code.
These values are automatically generated and must be synchronized with userland policy. > diff --git a/security/selinux/include/av_inherit.h > b/security/selinux/include/av_inherit.h > --- a/security/selinux/include/av_inherit.h > +++ b/security/selinux/include/av_inherit.h > @@ -21,7 +21,7 @@ > S_(SECCLASS_SHM, ipc, 0x00000200UL) > S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL) > S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL) > - S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL) > + S_(SECCLASS_NETLINK_INET_DIAG_SOCKET, socket, 0x00400000UL) > S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL) > S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL) > S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL) etc. At this stage, I suggest only updating the SELinux code so that it recognizes the DCCPDIAG_GETSOCK message. We need to work out how to transition SELinux policy from a "netlink_tcpdiag_socket" class to "netlink_inetdiag_socket". i.e. whether to even bother changing the name of the class, or aliasing it somehow. - James -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html