From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paul Moore <paul@paul-moore.com>
To: SELinux@tycho.nsa.gov
Cc: Chris PeBenito <cpebenito@tresys.com>
Subject: Re: [PATCH 2/2] Update SELinux policy capability to always check peer class.
Date: Thu, 07 Jun 2012 10:28:59 -0400
Message-ID: <16742766.tXTOYM7uO2@sifl>
In-Reply-To: <1339003731-6743-2-git-send-email-cpebenito@tresys.com>
References: <1339003731-6743-1-git-send-email-cpebenito@tresys.com> <1339003731-6743-2-git-send-email-cpebenito@tresys.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

On Wednesday, June 06, 2012 01:28:51 PM Chris PeBenito wrote:
> Update the always_check_network policy capability which, when enabled,
> treats peer labeling as enabled, even if there is no Netlabel or
> labeled IPSEC configuration.
> 
> Signed-off-by: Chris PeBenito <cpebenito@tresys.com>

I still object to this patchset for all the same old reasons, but I feel 
obligated to point out that this patchset is still incomplete/incorrect in 
that it only deals with the socket_sock_rcv_skb hook.

-- 
paul moore
www.paul-moore.com


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.