On Fri, 2006-10-06 at 11:13 -0400, Joshua Brindle wrote: > Venkat Yekkirala wrote: > > Actually, the above only applies to the compat_net case > > and there unlabeled_t is just fine. > > > > > why isn't compat_net using the same default sid for associations? > > So, there are different MLS constraints (and policy) for > > the compat_net case as opposed to the new secmark controls. > > > > > there shouldn't be, compat_net and secmark use different object classes > (except association) and the behaviors should not conflict > > I guess you are planning to have one policy for compat_net > > and another for secmark? > > > > > I'll let Chris comment here but I don't think that is ideal.
Agreed, it would not be ideal. The behaviors shouldn't conflict, so a unified policy should be doable. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
