On Wed, 10 May 2006, Patrick McHardy wrote: > The netfilter parts all look fine too me (just one question, > see below). Shall I add the userspace parts to SVN or do you > want to do it yourself?
Might be better if you do it, although I'm still looking into one issue at this stage. > I wonder if the result of this check could be invalidated later > by removal of the selinux context and if it would matter, since > you reject contexts not known at initialization time. If the context is removed later by a change to SELinux policy, the kernel will remap them to "unlabeled_t", which is how packets would then be labeled by the rule. - James -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
