On Mon, 8 May 2006, Karl MacMillan wrote:
> Glad that you added this. This only checks on the addition of rules,
> correct? Obviously changes that don't include an addition (e.g.,
> removal) could change the labeling behavior. Is it possible / needed to
> try to provide anything like the relabelto
On Sun, 2006-05-07 at 11:40 -0400, James Morris wrote:
> This patch adds the selinux_relabel_packet_permission() check to the
> SECMARK target, so that SELinux policy is consulted to ensure that the
> labeling operation is permitted by the current task.
>
>
> Signed-off-by: James Morris <[EMAIL
This patch adds the selinux_relabel_packet_permission() check to the
SECMARK target, so that SELinux policy is consulted to ensure that the
labeling operation is permitted by the current task.
Signed-off-by: James Morris <[EMAIL PROTECTED]>
---
net/netfilter/xt_SECMARK.c |6 ++
1 fil
