On Wed, 2006-11-08 at 08:34 -0600, Venkat Yekkirala wrote:
> > Such duplication can occur among the initial SIDs.
>
> For some reason I thought that could happen between an initial SID
> and a non-initial SID.

I think only in the case where a non-initial SID has been invalidated by policy reload that renders its context illegal and is thus remapped to the unlabeled SID.

> > Not sure though when that would apply here,
>
> It could apply to xfrms if they happen to be using the context
> represented by any of the initial SIDs.

Which would happen when?

> > and it would only apply if both SIDs were initial SIDs.
>
> OK. Will narrow the full context comparison to just this case.

What's the harm from just using the SID comparison and allowing for the possibility that there might be a few duplicates in rare circumstances? Does it break any assumptions in the rest of the logic?

--
Stephen Smalley
National Security Agency