On Friday 08 September 2006 12:50 pm, Venkat Yekkirala wrote: > UPCOMING WORK: > > The following per the discussion at: > http://marc.theaimsgroup.com/?l=selinux&m=115755980516072&w=2 > > - Create IPSec SAs to be acquired with the creating sock's context as > opposed to that of the matching SPD rule, resulting in a simpler SPD as > well as policy. - Set peer_sid on tcp sockets to the reconciled secmark so > trusted applications can retrieve and service the data at the appropriate > context.
Considering the discussions that have taken place on the SELinux list I think doing the work to set the peer_sid value on TCP sockets is an important part of the secid work and should be included in this patchset. I don't believe it would be that difficult, and it would make some of the code much cleaner/simpler I think. -- paul moore linux security @ hp - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
