[redhat-lspp] RE: [PATCH 0/1] selinux: secid reconciliation fixes V01
Venkat Yekkirala
vyekkirala at TrustedCS.com
Mon Oct 9 14:18:32 UTC 2006
> > 3. Label igmp traffic with the igmp_packet initial context.
>
> Why is IGMP being handled separately? How many other
> protocols will need
> their own specific hooks?
igmp seems like the only odd ball out in that it sends packets
outside of a socket (even a kernel sock) context; which also
explains why there's a separate init sid defined/deprecated for
this in the selinux policy.
>
> > + * @igmp_classify_skb:
> > + * Sets the skb's secid to the igmp initsid.
>
> This explanation is SELinux-specific.
Will fix this.
>
> Your patches need to be against the latest net-2.6 tree.
OK.
>
>
>
> - James
> --
> James Morris
> <jmorris at namei.org>
>
More information about the redhat-lspp
mailing list