From: [EMAIL PROTECTED] Date: Wed, 21 Jun 2006 15:42:38 -0400 > Add support for the Commercial IP Security Option (CIPSO) to the > IPv4 network stack. CIPSO has become a de-facto standard for > trusted/labeled networking amongst existing Trusted Operating > Systems such as Trusted Solaris, HP-UX CMW, etc. This > implementation is designed to be used with the NetLabel subsystem to > provide explicit packet labeling to LSM developers.
The thing that concerns me most about CIPSO is that even once users migrate to a more SELINUX native approach from this CIPSO stuff, the CIPSO code, it's bloat, and it's maintainence burdon will remain. It's easy to put stuff it, it's impossible to take stuff out even once it's largely unused by even it's original target audience. And that's what I see happening here. This is why, to be perfectly honest with you, I'd much rather something like this stay out-of-tree and people are strongly encouraged to use the more native stuff under Linux. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
