On Wed, 2006-11-29 at 17:13 -0500, Paul Moore wrote:
> James Antill wrote:
> > On Wed, 2006-11-29 at 16:32 -0500, Stephen Smalley wrote:
> >
> >>I'm not sure the approach is quite workable yet either - if you
> >>configure xinetd to use labeled networking but the incoming connection
> >>is coming from a host that doesn't support it, getpeercon() will fail
> >>and you need to gracefully deal with it (e.g. fall back to some default,
> >>possibly based on the client machine's address).
> >
> > Isn't this exactly what netlabel is for? Do we really want to duplicate
> > that for each daemon?
>
> NetLabel is a method of explicit labeled networking, i.e. it sends security
> attributes with each packet that both hosts must understand.

As I understand it, you can say label received packets from host X with context Y. Is that not so?

--
James Antill <[EMAIL PROTECTED]>
-- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
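The daemon-side fallback described in the quoted text above (use the peer's label when one arrives, otherwise pick a default from the client address), as an added example that is not code from the thread, xinetd or libselinux. `peer_label_fn`, the stubs, the table and its contexts are hypothetical, constructed values; IPv4 only.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper around getpeercon(3): copies the peer's context into
 * buf and returns 0, or -1 when the peer sent no label. Passing it as a
 * callback lets this block build and run without libselinux. */
typedef int (*peer_label_fn)(int fd, char *buf, size_t len);

/* Constructed fallback table; networks and contexts are sample values. */
static const struct { const char *net; int bits; const char *con; } fallbacks[] = {
    { "192.0.2.0",    24, "user_u:user_r:lan_client_t:s0" },
    { "198.51.100.0", 24, "user_u:user_r:dmz_client_t:s0" },
    { "0.0.0.0",       0, "user_u:user_r:unlabeled_client_t:s0" },
};

/* Writes the context for an accepted connection into out. Returns 1 when the
 * peer supplied it, 0 when the address table did, -1 to refuse the client. */
int connection_context(int fd, const char *client_ip, peer_label_fn lookup,
                       char *out, size_t outlen)
{
    struct in_addr a, n;

    if (lookup(fd, out, outlen) == 0)
        return 1;
    if (inet_pton(AF_INET, client_ip, &a) != 1)
        return -1;                   /* unparsable address: refuse */
    for (size_t i = 0; i < sizeof fallbacks / sizeof fallbacks[0]; i++) {
        int bits = fallbacks[i].bits;
        uint32_t mask = bits ? htonl(~UINT32_C(0) << (32 - bits)) : 0;
        inet_pton(AF_INET, fallbacks[i].net, &n);
        if ((a.s_addr & mask) == (n.s_addr & mask))  /* first match wins */
            return snprintf(out, outlen, "%s", fallbacks[i].con) < (int)outlen ? 0 : -1;
    }
    return -1;
}

/* Constructed stubs: a host without labeled networking, and one with it. */
static int peer_unlabeled(int fd, char *b, size_t n) { (void)fd; (void)b; (void)n; return -1; }
static int peer_labeled(int fd, char *b, size_t n)
{ (void)fd; return snprintf(b, n, "user_u:user_r:user_t:s0") < (int)n ? 0 : -1; }

int main(void)
{
    char ctx[128] = "";
    int src = connection_context(-1, "192.0.2.7", peer_unlabeled, ctx, sizeof ctx);
    printf("%d %s\n", src, ctx);
    return 0;
}
```

The return value lets a caller log or audit whether a context came from the peer or from local address-based configuration, since the two carry different levels of assurance.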
