[redhat-lspp] RE: DOCUMENTATION OF SECID RECONCILIATION AND FLOW CONTROL FOR POLICY WRITERS

Venkat Yekkirala vyekkirala at trustedcs.com
Sat Oct 14 00:03:29 UTC 2006


> > turns into:
> > 
> > allow unlabeled_t network_t:packet flow_in;
> 
> as it happens currently.
> 
> > allow unconfined_t unlabeled_t:packet flow_in;
> 
> as it happens currently.

Well, as: allow unconfined_t unlabeled_t:packet recv;

> 
> > allow unconfined_t unlabeled_t:packet flow_out;
> 
> Not needed since we have a check against network_t
> as mentioned next.
> 
> > allow unlabeled_t network_t:packet flow_out;
> > 
> > which seems more correct to me and is clearer and more consistent.
> 
> which, after all said and done is what in fact is (should be) happening.
> 
> But the fights in the earlier part still hold true, which makes me wonder
> where did you/I get off the track?
> 



