Re: [PATCH 0/3] secid reconciliation-v01: Repost patchset with updates
On Thu, 24 Aug 2006, Venkat Yekkirala wrote: > The following are the changes included in this patchset since the previous > post: > > - Use SELinux transition rules instead of precedence when reconciling the > secid's > making it flexible/policy-driven; xfrm secid would prevail by default. > - Change the naming of access vector perms to flow_in and flow_out. > - Make selinux_xfrm_sock_rcv_skb checks conditional on compat_net. > - Switch selinux_inet_conn_request to use secmark; cipso is still allowed to > override secmark currently in this regard (will rely on Paul Moore at HP > to bring cipso into the reconciliation path). I like these changes, but wondering why you haven't supplied code for the outbound case ? - James -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 0/3] secid reconciliation-v01: Repost patchset with updates
The following are the changes included in this patchset since the previous post: - Use SELinux transition rules instead of precedence when reconciling the secid's making it flexible/policy-driven; xfrm secid would prevail by default. - Change the naming of access vector perms to flow_in and flow_out. - Make selinux_xfrm_sock_rcv_skb checks conditional on compat_net. - Switch selinux_inet_conn_request to use secmark; cipso is still allowed to override secmark currently in this regard (will rely on Paul Moore at HP to bring cipso into the reconciliation path). This patchset is relative to David Miller's net-2.6.19.git. Please consider for inclusion in 2.6.19. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html