[redhat-lspp] Re: Networking policy patch
Christopher J. PeBenito
cpebenito at tresys.com
Fri Oct 6 15:42:57 UTC 2006
On Fri, 2006-10-06 at 11:13 -0400, Joshua Brindle wrote:
> Venkat Yekkirala wrote:
> > Actually, the above only applies to the compat_net case
> > and there unlabeled_t is just fine.
> >
> >
> why isn't compat_net using the same default sid for associations?
> > So, there are different MLS constraints (and policy) for
> > the compat_net case as opposed to the new secmark controls.
> >
> >
> there shouldn't be, compat_net and secmark use different object classes
> (except association) and the behaviors should not conflict
> > I guess you are planning to have one policy for compat_net
> > and another for secmark?
> >
> >
> I'll let Chris comment here but I don't think that is ideal.
Agreed, it would not be ideal. The behaviors shouldn't conflict, so a
unified policy should be doable.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
More information about the redhat-lspp
mailing list