-----Original Message----- From: Venkat Yekkirala Sent: Friday, June 16, 2006 3:31 PM To: 'Trent Jaeger'; Venkat Yekkirala Cc: [email protected]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [redhat-lspp] Re: [RFC] [MLSXFRM 02/04] Add enforcement to SE Linux LSM
> In selinux_xfrm_policy_lookup, we check that the fl_sid has > access to > the xfrm policy's sid before using that policy. > > On input, I take this to mean that we must have granted the type of > the SA access to the policy, That is correct. > and the case of the server receiving a > packet from a client these would be the same (client's type). Probably, but since we have the SA Type delinked from the xfrm_policy Type it's all entirely upto the policy. -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
