On Mon, 9 Oct 2006, Venkat Yekkirala wrote: > I did in fact test inside SELinux, and that's how I found > out these were igmp packets. These were getting labeled implicitly > with unlabeled_t, and now after labeling thse distinctly, policy won't > have to grant access to the network to unlabeled packets. An alternative > is to not flow control any traffic that doesn't have a sock associated > with it.
This might be worth considering as an intermediate step, and multicast support can be added later. Just need to make sure it doesn't break anything else. - James -- James Morris <[EMAIL PROTECTED]> -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
