On Wed, Jan 10, 2007 at 11:41:07AM -0600, Venkat Yekkirala wrote: > > Only, on a security policy denial (-ESRCH from the LSM hook), a 0 > is returned by the resolver to signify no applicable policy since > a negative result is akin to no policy. And I see the "no policy" > case is already cached.
I'm not talking about an xfrm policy lookup failure, that exists with or without SELinux. I'm talking about an error returned from security_xfrm_policy_lookup(), i.e., whether a policy can be used or not. For that case, we only cache positive results currently. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
