On Fri, 7 Feb 2003, Makan Pourzandi (LMC) wrote: > Hi all, > > My comments conecrn the (ip_decode_options, ip_encapsulate and > ip_decapsulate) hooks. Even, if James has done much regarding this topic > and I'm sure that he knows much more than me about it, I wanted to give > my 2 cents on why we should keep these hooks in future releases. > As mentioned during the last week, the current set of network hooks will not directly support explicitly labeled networking. It's not just the ip hooks: you'd also need the skb and possibly other rejected hooks to make it useful. Possibilities moving forward include reworking the design of the relevant LSM frameork components so that they are acceptable to the network maintainers in a future kernel release cycle, and investigating other schemes such as implicit labeling (e.g. Ajaya Chitturi's work on the Flask project). - James -- James Morris <jmorrisat_private> _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Feb 07 2003 - 15:12:50 PST