On Mon, 9 Oct 2006, Venkat Yekkirala wrote: > > > 3. Label igmp traffic with the igmp_packet initial context. > > > > Why is IGMP being handled separately? How many other > > protocols will need > > their own specific hooks? > > igmp seems like the only odd ball out in that it sends packets > outside of a socket (even a kernel sock) context; which also > explains why there's a separate init sid defined/deprecated for > this in the selinux policy.
I don't think a protocol-specific hook is going to be acceptable. Can you test inside SELinux to determine that it's IGMP? - James -- James Morris <[EMAIL PROTECTED]> -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
