On Mon, 2006-08-28 at 14:05 -0400, Linda Knippers wrote: > Stephen Smalley wrote: > > Using compat_net isn't difficult; it just requires reverting the change > > to libselinux so that it won't be overwritten upon policy load, and then > > putting something in your certification package to enable it manually, > > most likely by echo'ing a 1 to /selinux/compat_net from rc.sysinit or > > similar. So that is certainly doable if you need it. > > I didn't see any more mail on this subject but reverting the change > to libselinux sounds like a good idea to me, even if we do include > secmark in the LSPP evaluation. If the default for the kernel parameter > is to use secmark then the only people who have to worry about the > setting are the ones who want legacy controls. Having a way for them > to turn it on without it being turned off again seems like a good > idea.
Yes, already done in libselinux 1.30.27. -- Stephen Smalley National Security Agency -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
