From mboxrd@z Thu Jan 1 00:00:00 1970 Reply-To: From: "Venkat Yekkirala" To: "'Paul Moore'" Cc: , , Subject: RE: Labeling traffic over loopback Date: Tue, 12 Dec 2006 11:02:37 -0600 Message-ID: <000c01c71e0f$53c39da0$cc0a010a@tcssec.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" In-Reply-To: <457EDAA1.60003@hp.com> Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov > > We could use an additional bit (local_label) to denote that > > "sp" holds the source label sid (no blob, so no lifecycle mgmt). > > > > What do people think? > > Can you give an example of what the *sp value would look > like? Are you thinking > of adding a new field to 'sec_path' or would you create a > sort of dummy > 'xfrm_state' entry? Nope. Note "(no blob, so no lifecycle mgmt)". More specifically, we could use a union in place of sp and when we are looking at a loopback packet and no xfrm in use we could use the union to hold the secid. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.