> > turns into:
>
> > > allow unlabeled_t network_t:packet flow_in;
> > as it happens currently.
> > > allow unconfined_t unlabeled_t:packet flow_in;
> > as it happens currently.

Well, as: allow unconfined_t unlabeled_t:packet recv;

> > > allow unconfined_t unlabeled_t:packet flow_out;
> > Not needed since we have a check against network_t as mentioned next.
> > > allow unlabeled_t network_t:packet flow_out;
>
> > > which seems more correct to me and is clearer and more consistent.
> > which, after all said and done is what in fact is (should be) happening.
> > But the fights in the earlier part still hold true, which makes me wonder where did you/I get off the track?
>
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
