--- Paul Moore <[EMAIL PROTECTED]> wrote:

> On Tuesday, July 17 2007 2:51:14 pm Casey Schaufler wrote:
> > --- Paul Moore <[EMAIL PROTECTED]> wrote:
> > > > > Also, any reason why you don't just use the NetLabel default domain
> > > > > mapping?
> > > >
> > > > Uh, only that I couldn't figure out how to go about doing so. If it
> > > > simplifies (there's that word again) things I'm all for it. I would
> > > > be happy to have my ignorance dispelled.
> > >
> > > Two things:
> > >
> > > 1. change "ndmp->domain = SMACK_CIPSO_DOMAIN_NAME" to "ndmp->domain = NULL"
> > > 2. change "netlbl_domhsh_add()" to "netlbl_domhsh_add_default()"
> > >
> > > If you want to get really nitpicky the second step is optional, but I'd
> > > prefer you use it in case we ever need to do something radically
> > > different for the default NetLabel domain mapping (it's really easy as
> > > they take the same arguments in the same order, just change the
> > > function name).
> >
> > I gave these changes a try. netlbl_domhsh_add_default() returns
> > -EEXIST and packets are not getting labeled. Is it possible that
> > the default domain has to be cached?
>
> Nope, but I forgot that you have to remove the existing default mapping first
> (the kernel creates a default unlabeled mapping at boot) ... you'll need to
> make a call to netlbl_domhsh_remove_default() first to get rid of the
> kernel's initial domain mapping.
>
> Sorry about that.

No worries. That did the trick. Thank you.


Casey Schaufler
[EMAIL PROTECTED]
