[EMAIL PROTECTED] wrote on 08/11/2006 03:02:03 PM: > On Fri, 11 Aug 2006, Stephen Smalley wrote: > > > On Fri, 2006-08-11 at 16:34 -0300, Thiago Jung Bauermann wrote: > > > Hi folks, > > > > > > What is the status of the node and netif hooks in light of the recent > > > networking developments (secmark, CIPSO, netlabel, mlsxfrm...)? Are they > > > being removed? Not removed but obsoleted? If the latter are they > > > affected in their functionality? > > > > > > It seems secmark removes those hooks, but then a compatibility flag can > > > be turned on to get them back, right? > > > > Well, yes and no. > > > > secmark is intended to supersede the old netif/node/port checks. There > > is ongoing work to integrate secmark fully. It would be preferable if > > you could use it for your purposes rather than the old checks. > > Eventually, I think it'd be good to remove the old controls (but not for
> some time, perhaps a year or two). An additional question is will the node and netif constraints remain in the mls policy for RHEL5? From the comment above, it sounds as though they will. -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
