Em Fri, Aug 12, 2005 at 11:42:11AM -0400, James Morris escreveu: > On Fri, 12 Aug 2005, Arnaldo Carvalho de Melo wrote: > > Please do NOT apply these changes to the SELinux code. > > These values are automatically generated and must be synchronized with > userland policy. > > > diff --git a/security/selinux/include/av_inherit.h > > b/security/selinux/include/av_inherit.h > > --- a/security/selinux/include/av_inherit.h > > +++ b/security/selinux/include/av_inherit.h > > @@ -21,7 +21,7 @@ > > S_(SECCLASS_SHM, ipc, 0x00000200UL) > > S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL) > > S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL) > > - S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL) > > + S_(SECCLASS_NETLINK_INET_DIAG_SOCKET, socket, 0x00400000UL) > > S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL) > > S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL) > > S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL) > > etc. > > At this stage, I suggest only updating the SELinux code so that it > recognizes the DCCPDIAG_GETSOCK message. > > We need to work out how to transition SELinux policy from a > "netlink_tcpdiag_socket" class to "netlink_inetdiag_socket". i.e. whether > to even bother changing the name of the class, or aliasing it somehow.
Here I go regenerating the tree, at least this one is closer to the end of the series... I'll just remove _all_ of the selinux related bits, OK? Lesson learned :-) - Arnaldo - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
