From: Eric Paris <[EMAIL PROTECTED]> Date: Fri, 23 Mar 2007 01:39:47 -0400
> It seems reasonable to me that the check for every policy (which is > between current->security->sid and xp->security->ctx_sid) makes sense. > There doesn't appear to me right offhand to be anything intrinsic in the > code which says that a flush request must flush everything or nothing. The "intrinsic" part comes from the heritage of routing daemons and what they expect from flush operations, these assumption live in the ipsec daemons as well. A daemon, routing or ipsec, is flushing the tables in order to create an entirely "clean slate", and they very much expect the policy and state tables to be %100 empty after the operation. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
