[RFC] SECMARK 1.1
James Morris
jmorris at namei.org
Wed May 17 16:56:04 CEST 2006
On Wed, 17 May 2006, Thomas Bleher wrote:
> This all looks very nice - Thank You!
> Just one question: does the code canonicalize the security label? It
> would be nice if the same rules could be used on MLS and non-MLS
> systems.
No, it shouldn't be necessary, as there's no legacy installed base of
rulesets (as there was with disk files), and MLS is now generally enabled
by default. Also, these rules are never exposed to general users, and
even sysadmins should generate the rules via some kind of tool.
It would also add some complexity.
- James
--
James Morris
<jmorris at namei.org>
More information about the netfilter-devel
mailing list