[redhat-lspp] RE: [PATCH 0/1] selinux: secid reconciliation fixes V01

James Morris jmorris at namei.org
Mon Oct 9 17:01:56 UTC 2006


On Mon, 9 Oct 2006, Venkat Yekkirala wrote:

> I did in fact test inside SELinux, and that's how I found
> out these were igmp packets. These were getting labeled implicitly
> with unlabeled_t, and now after labeling these distinctly, policy won't
> have to grant access to the network to unlabeled packets. An alternative
> is to not flow control any traffic that doesn't have a sock associated
> with it.

This might be worth considering as an intermediate step, and multicast 
support can be added later.  Just need to make sure it doesn't break 
anything else.


- James
-- 
James Morris
<jmorris at namei.org>



