From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from goalie.tycho.ncsc.mil (goalie [144.51.3.250]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id p1S7TPnn030292 for ; Mon, 28 Feb 2011 02:29:25 -0500 Received: from a.mx.secunet.com (localhost [127.0.0.1]) by msux-gh1-uea01.nsa.gov (8.12.10/8.12.10) with ESMTP id p1S7TNYA025551 for ; Mon, 28 Feb 2011 07:29:24 GMT Date: Mon, 28 Feb 2011 08:29:21 +0100 From: Steffen Klassert To: Paul Moore Cc: linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov Subject: Re: [PATCH 02/10] selinux: Perform postroute access control checks after IPsec transfomations Message-ID: <20110228072921.GA26510@secunet.com> References: <20110214131651.GA15640@secunet.com> <1297884894.25079.12.camel@sifl> <20110222112334.GB20852@secunet.com> <201102231602.54502.paul.moore@hp.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii In-Reply-To: <201102231602.54502.paul.moore@hp.com> Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On Wed, Feb 23, 2011 at 04:02:54PM -0500, Paul Moore wrote: > > > > I just noticed that because I started with a dummy policy where I had > > network_peer_controls disabled. I can easily live without that patch > > of course. > > Ah, that would explain it. Were you using the dummy policy generated by > scripts/selinux? Yes, I did. > If so, that might be a worthwhile patch to add that policy > capability to the generated policy. > Indeed, would be nice to have the network_peer_controls enabled in the generated dummy policy. I'll look at it. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.