From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jonathan Day <imipak@yahoo.com>
Subject: Re: RFC: Mandatory Access Control for sockets aka "personal  firewalls"
Date: Wed, 21 Jan 2009 22:29:39 -0800 (PST)
Message-ID: <381829.34720.qm@web31504.mail.mud.yahoo.com>
References: <4977C4E9.1090303@schaufler-ca.com>
Reply-To: imipak@yahoo.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: rmeijer@xs4all.nl, Samir Bellabes <sam@synack.fr>,
	linux-security-module <linux-security-module@vger.kernel.org>,
	Stephan Peijnik <stephan@peijnik.at>, netdev@vger.kernel.org,
	netfilter-devel@vger.kernel.org
To: Casey Schaufler <casey@schaufler-ca.com>
Return-path: <linux-security-module-owner@vger.kernel.org>
In-Reply-To: <4977C4E9.1090303@schaufler-ca.com>
Sender: linux-security-module-owner@vger.kernel.org
List-Id: netfilter-devel.vger.kernel.org

--- On Wed, 1/21/09, Casey Schaufler <casey@schaufler-ca.com> wrote:
> Jonathan Day wrote:
> > p.s. Which poster is going to be evil and start
> calling this Project MAC first?
> >   
> Careful, it can get much worse. What about mandatory access
> controls
> based on the NIC address, not the IP address? That would be
> MAC based
> MAC. Ack.

Then I would NACK your ACK for the bigMAC MAC/MAC.