On Thursday 22 June 2006 05:00, David Miller wrote: > > #define NETLINK_GENERIC 16 > > +#define NETLINK_NETLABEL 17 /* Network packet labeling */ > > > > #define MAX_LINKS 32 > > Please use generic netlink.
Since this is a security interface, shouldn't it be its own protocol so that SE Linux can control commands being sent? Paul's patches do include a netlink table in security/selinux/nlmsgtab.c. But I do not see any hooks to control generic netlink messages. (There seems to be several protocols that SE Linux is not controlling.) I could see that someone in secadm role should be able to issue these commands, but someone at sysadm or auditadm would not. If moving this over to generic is a must, then I think SE Linux will have to clip into generic to control its packet flow. -Steve - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
