On Thu, 24 Aug 2006, Venkat Yekkirala wrote: > The following are the changes included in this patchset since the previous > post: > > - Use SELinux transition rules instead of precedence when reconciling the > secid's > making it flexible/policy-driven; xfrm secid would prevail by default. > - Change the naming of access vector perms to flow_in and flow_out. > - Make selinux_xfrm_sock_rcv_skb checks conditional on compat_net. > - Switch selinux_inet_conn_request to use secmark; cipso is still allowed to > override secmark currently in this regard (will rely on Paul Moore at HP > to bring cipso into the reconciliation path).
I like these changes, but wondering why you haven't supplied code for the outbound case ? - James -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html