> > I just verified that this still works correctly. You can test it > > yourself by doing the following: > > > > 1. Connect to the machine via the network (ssh, telnet, etc.) > > 2. Once connected run a command that generates regular output (run 'date' > > in a loop) > > 3. On a console on the machine run the following > > > > # netlabelctl -p unlbl accept off > > <the output on the command from #2 should stop> > > # netlabelctl -p unlbl accept on > > <the output on the command from #2 should resume, assuming the TCP > > session didn't die> > > > > You can check the status of the unlabeled accept flag by running the > > following command: > > > > # netlabelctl -p unlbl list > > Beat me to it. Does the fact that netlabel and xfrm have different > mechanisms for accomplishing the same thing change the 'correct' name > for the boolean?
Hey, if you guys want to take a patch at this point I can change it the netlabelctl program to use whatever you want ... I'm nice like that :) -- paul moore linux security @ hp -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
