On Wed, 2 Oct 2002, Wayne Salamon wrote: > SELinux needs this labeling in order to reliably label SYN/ACKs, and the > new accepted socket on the server, when extended socket calls are used. If > these hooks are not of a general use within LSM, then we can maintain them > as part of our small SELinux patch. > > Comments? I'd initially wondered if you would need something like this, looks like you did. I can't see any problems adding this to LSM, as it's needed for reliable packet labeling. The network maintainers may be concerned at additional performance overhead, but we're anticipating the possible need to solve this in the general case anyway. - James -- James Morris <jmorrisat_private> _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Oct 02 2002 - 08:11:25 PDT