The following are the changes included in this patchset since the previous post:
- Perform flow_in check before (as opposed to after) computing transition secid on inbound; this seems more intuitive and correct.
- Implement reconciliation and flow control for outbound traffic (forward case being a sequence of inbound checks followed by outbound checks).
- Make selinux_xfrm_postroute_last checks conditional on compat_net.

This patchset is relative to David Miller's net-2.6.19.git (last updated on Sep 1st). Please consider for inclusion in 2.6.19.

UPCOMING WORK:

The following per the discussion at: http://marc.theaimsgroup.com/?l=selinux&m=115755980516072&w=2

- Create IPSec SAs to be acquired with the creating sock's context as opposed to that of the matching SPD rule, resulting in a simpler SPD as well as policy.
- Set peer_sid on tcp sockets to the reconciled secmark so trusted applications can retrieve and service the data at the appropriate context.