> > 3. Label igmp traffic with the igmp_packet initial context. > > Why is IGMP being handled separately? How many other > protocols will need > their own specific hooks?
igmp seems like the only odd ball out in that it sends packets outside of a socket (even a kernel sock) context; which also explains why there's a separate init sid defined/deprecated for this in the selinux policy. > > > + * @igmp_classify_skb: > > + * Sets the skb's secid to the igmp initsid. > > This explanation is SELinux-specific. Will fix this. > > Your patches need to be against the latest net-2.6 tree. OK. > > > > - James > -- > James Morris > <[EMAIL PROTECTED]> > -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
