James Antill wrote:
> On Wed, 2006-11-29 at 16:32 -0500, Stephen Smalley wrote:
>
>>I'm not sure the approach is quite workable yet either - if you
>>configure xinetd to use labeled networking but the incoming connection
>>is coming from a host that doesn't support it, getpeercon() will fail
>>and you need to gracefully deal with it (e.g. fall back to some default,
>>possibly based on the client machine's address).
>
> Isn't this exactly what netlabel is for? Do we really want to duplicate
> that for each daemon?

NetLabel is a method of explicit labeled networking, i.e. it sends security attributes with each packet that both hosts must understand.

--
paul moore
linux security @ hp

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
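
The fallback Stephen Smalley describes in the quoted text, sketched as an added example that is not part of the original thread or of xinetd: use the peer's label when getpeercon() succeeds, otherwise pick a default by client address. The `peercon_fn` parameter stands in for getpeercon(); the address table, the contexts, the two stub peers and the choice to refuse clients that match no entry are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Same shape as libselinux's getpeercon(); pass getpeercon itself in a real
 * daemon. Injected so this block builds and runs without libselinux. */
typedef int (*peercon_fn)(int fd, char **con);

/* Constructed fallback table (host byte order); contexts are placeholders. */
static const struct { uint32_t net, mask; const char *context; } FALLBACKS[] = {
    { 0xC0000200u, 0xFFFFFF00u, "user_u:user_r:user_t:s0" }, /* 192.0.2.0/24 */
    { 0xC6336400u, 0xFFFFFF00u, "user_u:user_r:user_t:s1" }, /* 198.51.100.0/24 */
};

static char *copy_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Returns an allocated context, or NULL to refuse the connection.
 * *from_peer is 1 when the peer supplied the label, 0 for a local default. */
char *connection_context(int fd, const struct sockaddr_in *peer,
                         peercon_fn get_label, int *from_peer)
{
    char *con = NULL;
    *from_peer = 0;
    if (get_label(fd, &con) == 0 && con != NULL) {
        *from_peer = 1;
        return con;
    }
    /* Peer sent no label: fall back to a default chosen by client address. */
    uint32_t addr = ntohl(peer->sin_addr.s_addr);
    for (size_t i = 0; i < sizeof FALLBACKS / sizeof FALLBACKS[0]; i++)
        if ((addr & FALLBACKS[i].mask) == FALLBACKS[i].net)
            return copy_string(FALLBACKS[i].context);
    return NULL; /* no peer label and no configured default: fail closed */
}

/* Constructed stand-ins for getpeercon(): a labeled and an unlabeled peer. */
int labeled_peer(int fd, char **con)
{
    (void)fd;
    *con = copy_string("user_u:user_r:user_t:s2");
    return *con ? 0 : -1;
}
int unlabeled_peer(int fd, char **con) { (void)fd; *con = NULL; return -1; }
```

Recording `from_peer` alongside the context lets the daemon log whether a connection ran under a peer-asserted label or a locally assigned default.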
