On Thu, 24 Aug 2006, Venkat Yekkirala wrote:

> The following are the changes included in this patchset since the previous
> post:
> 
> - Use SELinux transition rules instead of precedence when reconciling the
> secid's
>  making it flexible/policy-driven; xfrm secid would prevail by default.
> - Change the naming of access vector perms to flow_in and flow_out.
> - Make selinux_xfrm_sock_rcv_skb checks conditional on compat_net.
> - Switch selinux_inet_conn_request to use secmark; cipso is still allowed to
>  override secmark currently in this regard (will rely on Paul Moore at HP
>  to bring cipso into the reconciliation path).

I like these changes, but wondering why you haven't supplied code for the 
outbound case ?


- James
-- 
James Morris
<[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to