On Wed, 19 Dec 2007, Paul Moore wrote: > Add an inet_sys_snd_skb() LSM hook to allow the LSM to provide packet level > access control for all outbound packets. Using the existing postroute_last > netfilter hook turns out to be problematic as it is can be invoked multiple > times for a single packet, e.g. individual IPsec transforms, adding unwanted > overhead and complicating the security policy.
I'm fine to ack this from a security pov -- any objections on the networking side? - James -- James Morris <[EMAIL PROTECTED]> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html