--- Paul Moore <[EMAIL PROTECTED]> wrote: > On Friday 15 February 2008 6:24:25 pm Casey Schaufler wrote: > > From: Casey Schaufler <[EMAIL PROTECTED]> > > > > Smack uses CIPSO labeling, but allows for unlabeled packets > > by specifying an "ambient" label that is applied to incoming > > unlabeled packets. Because the other end of the connection > > may dislike IP options, and ssh is one know application that > > behaves thus, it is prudent to respond in kind. This patch > > changes the network labeling behavior such that an outgoing > > packet that would be given a CIPSO label that matches the > > ambient label is left unlabeled. An "unlbl" domain is added > > and the netlabel defaulting mechanism invoked rather than > > assuming that everything is CIPSO. Locking has been added > > around changes to the ambient label as the mechanisms used > > to do so are more involved. > > > > Cleaned up some issues noted in review. > > Make smk_cipso_doi() static. > > Create a hook for the new security_secctx_to_secid() > > using existing underlying code. > > Fill in audit data for netlbl domain calls. > > Collapse unnecessary multiple assignments. > > > > Signed-off-by: Casey Schaufler <[EMAIL PROTECTED]> > > Looks good to me, thanks for making those changes. > > Acked-by: Paul Moore <[EMAIL PROTECTED]>
Thank you for the insights. Casey Schaufler [EMAIL PROTECTED] -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html