Steve Grubb wrote: > On Tuesday 30 May 2006 15:38, Paul Moore wrote: >>When NetLabel is enabled all unlabeled packets get the unlabeled SID which >>may cause problems with the policy as it is currently written, I'm not sure >>(but it sounds like it from what you just said). > > So, how does one achieve backward compatibility? This is the normal setup > that > Fedora users would have. >
You update the policy at the same time you update the kernel to include NetLabel. Right now I am focusing on the kernel code because that needs to be done first and there is still work to be done. Also, I suspect there is still bound to be some debate as to how exactly we reconcile all of these network access controls into SELinux and that could have an affect on this as well (I tried to start a discussion on this but no one on the SELinux list seemed interested in talking about it). -- paul moore linux security @ hp -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
