Re: [RFC] SECMARK 1.1

2006-05-17 Thread James Morris
On Wed, 17 May 2006, Thomas Bleher wrote: > This all looks very nice - Thank You! > Just one question: does the code canonicalize the security label? It > would be nice if the same rules could be used on MLS and non-MLS > systems. No, it shouldn't be necessary, as there's no legacy installed base

Re: [RFC] SECMARK 1.1

2006-05-17 Thread Thomas Bleher
* James Morris <[EMAIL PROTECTED]> [2006-05-14 08:03]: > Included below is an incremental patch against the initial secmark posting > last week: http://thread.gmane.org/gmane.linux.network/34927/focus=34927 > > This posting to gather feedback on changes made since then primarily to > address con

Re: [RFC] SECMARK 1.1

2006-05-15 Thread Karl MacMillan
On Sun, 2006-05-14 at 02:03 -0400, James Morris wrote: > Included below is an incremental patch against the initial secmark posting > last week: http://thread.gmane.org/gmane.linux.network/34927/focus=34927 > > This posting to gather feedback on changes made since then primarily to > address con

Re: [RFC] SECMARK 1.1

2006-05-14 Thread Patrick McHardy
James Morris wrote: > On Mon, 15 May 2006, Patrick McHardy wrote: > > >>But if you don't specify --track, the module loader will still have to >>resolve the symbol, so it gets loaded anyway, before your code will >>even run. Just look at need_conntrack(): > > > Doh. It should be try_module_get

Re: [RFC] SECMARK 1.1

2006-05-14 Thread James Morris
On Mon, 15 May 2006, James Morris wrote: > > Doh. It should be try_module_get(). Sound ok? Of course, I mean request_module(). -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo

Re: [RFC] SECMARK 1.1

2006-05-14 Thread James Morris
On Mon, 15 May 2006, Patrick McHardy wrote: > But if you don't specify --track, the module loader will still have to > resolve the symbol, so it gets loaded anyway, before your code will > even run. Just look at need_conntrack(): Doh. It should be try_module_get(). Sound ok? - James -- James

Re: [RFC] SECMARK 1.1

2006-05-14 Thread Patrick McHardy
James Morris wrote: > On Mon, 15 May 2006, Patrick McHardy wrote: > > >>>Not sure what you mean: it will cause ip_conntrack to be loaded, which >>>is needed when you specify the track flag. >> >> >>Yes, but the reason why it is loaded is because the module loader needs >>to resolve the symbol, n

Re: [RFC] SECMARK 1.1

2006-05-14 Thread James Morris
On Mon, 15 May 2006, Patrick McHardy wrote: > > Not sure what you mean: it will cause ip_conntrack to be loaded, which > > is needed when you specify the track flag. > > > Yes, but the reason why it is loaded is because the module loader needs > to resolve the symbol, not because of anything do

Re: [RFC] SECMARK 1.1

2006-05-14 Thread Patrick McHardy
James Morris wrote: > On Mon, 15 May 2006, Patrick McHardy wrote: > > This will load the conntrack modules even if the track flag is not set. >>> >>> >>>I guess need_conntrack() could be moved to checkentry() and only called >>>if the track flag is set. >> >> >>That won't help, the function

Re: [RFC] SECMARK 1.1

2006-05-14 Thread James Morris
On Mon, 15 May 2006, Patrick McHardy wrote: > >>This will load the conntrack modules even if the track flag is not set. > > > > > > I guess need_conntrack() could be moved to checkentry() and only called > > if the track flag is set. > > > That won't help, the function itself does nothing, it

Re: [RFC] SECMARK 1.1

2006-05-14 Thread Patrick McHardy
James Morris wrote: > On Sun, 14 May 2006, Patrick McHardy wrote: > > >>James Morris wrote: >> >>>@@ -135,6 +175,9 @@ static int __init xt_secmark_init(void) >>> { >>> int err; >>> >>>+if (tracking_enabled()) >>>+need_conntrack(); >>>+ >> >>This will load the conntrack module

Re: [RFC] SECMARK 1.1

2006-05-14 Thread James Morris
On Sun, 14 May 2006, Patrick McHardy wrote: > James Morris wrote: > > @@ -135,6 +175,9 @@ static int __init xt_secmark_init(void) > > { > > int err; > > > > + if (tracking_enabled()) > > + need_conntrack(); > > + > > This will load the conntrack modules even if the track flag i

Re: [RFC] SECMARK 1.1

2006-05-14 Thread Patrick McHardy
James Morris wrote: > @@ -135,6 +175,9 @@ static int __init xt_secmark_init(void) > { > int err; > > + if (tracking_enabled()) > + need_conntrack(); > + This will load the conntrack modules even if the track flag is not set. Wouldn't it be better to put everything related
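Review bot: the hunk places need_conntrack() in xt_secmark_init(), so it is reached on every load of the xt_SECMARK module, gated only by tracking_enabled() and not by whether any installed rule actually sets the track flag. The gate is also weaker than it looks: need_conntrack() is a symbol exported by the conntrack module, so the module loader must resolve it when xt_SECMARK is inserted, which causes ip_conntrack to be loaded before this branch ever executes, as Patrick McHardy points out in the thread. Consider dropping the symbol reference entirely and instead calling request_module() from checkentry() only when a rule specifies the track flag, which is where the thread ends up.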

[RFC] SECMARK 1.1

2006-05-13 Thread James Morris
Included below is an incremental patch against the initial secmark posting last week: http://thread.gmane.org/gmane.linux.network/34927/focus=34927 This posting to gather feedback on changes made since then primarily to address concerns raised by Karl MacMillan on providing fine-grained assuran