From: Patrick McHardy <kaber@trash.net>
To: James Morris <jmorris@namei.org>
Cc: selinux@tycho.nsa.gov, netdev@vger.kernel.org,
netfilter-devel@lists.netfilter.org,
Stephen Smalley <sds@tycho.nsa.gov>,
Daniel J Walsh <dwalsh@redhat.com>,
Karl MacMillan <kmacmillan@tresys.com>,
"David S. Miller" <davem@davemloft.net>,
Thomas Bleher <bleher@informatik.uni-muenchen.de>
Subject: Re: [RFC] SECMARK 1.1
Date: Mon, 15 May 2006 08:26:23 +0200 [thread overview]
Message-ID: <44681F0F.9030601@trash.net> (raw)
In-Reply-To: <Pine.LNX.4.64.0605150221000.1275@d.namei>
James Morris wrote:
> On Mon, 15 May 2006, Patrick McHardy wrote:
>
>
>>>Not sure what you mean: it will cause ip_conntrack to be loaded, which
>>>is needed when you specify the track flag.
>>
>>
>>Yes, but the reason why it is loaded is because the module loader needs
>>to resolve the symbol, not because of anything done at module runtime.
>
>
> Am I missing something? This is what I want to happen. If you specify
> SECMARK --track, ip_conntrack is to be loaded.
But if you don't specify --track, the module loader will still have to
resolve the symbol, so it gets loaded anyway, before your code will
even run. Just look at need_conntrack():
/* Some modules need us, but don't depend directly on any symbol.
They should call this. */
void need_conntrack(void)
{
}
next prev parent reply other threads:[~2006-05-15 6:26 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-05-07 15:31 [RFC] SECMARK 1.0 James Morris
2006-05-07 15:31 ` James Morris
2006-05-07 15:33 ` [RFC] [SECMARK 01/08] Add secmark support to core networking James Morris
2006-05-07 15:33 ` James Morris
2006-05-07 15:34 ` [RFC][SECMARK 02/08] Export selinux_string_to_sid from SELinux James Morris
2006-05-07 15:34 ` James Morris
2006-05-07 15:35 ` [RFC][SECMARK 03/08] Add xtables SECMARK target James Morris
2006-05-07 15:35 ` James Morris
2006-05-10 6:03 ` Patrick McHardy
2006-05-10 13:30 ` James Morris
2006-05-10 13:30 ` James Morris
2006-05-11 7:06 ` Patrick McHardy
2006-05-07 15:36 ` [RFC][SECMARK 04/08] Add new flask definitions to SELinux James Morris
2006-05-07 15:36 ` James Morris
2006-05-07 15:37 ` [RFC][SECMARK 05/08] Add new packet controls " James Morris
2006-05-07 15:37 ` James Morris
2006-05-08 16:40 ` Stephen Smalley
2006-05-08 17:28 ` Karl MacMillan
2006-05-08 23:53 ` James Morris
2006-05-09 11:28 ` Stephen Smalley
2006-05-09 15:52 ` James Morris
2006-05-10 22:11 ` Thomas Bleher
2006-05-11 2:04 ` Valdis.Kletnieks
2006-05-11 12:52 ` Stephen Smalley
2006-05-13 20:00 ` Thomas Bleher
2006-05-15 12:32 ` Stephen Smalley
2006-05-07 15:38 ` [RFC][SECMARK 06/08] Define a relabelto permission in the SELinux packet class James Morris
2006-05-07 15:38 ` James Morris
2006-05-07 15:39 ` [RFC][SECMARK 07/08] Add selinux_relabel_packet_permission() to SELinux API James Morris
2006-05-07 15:39 ` James Morris
2006-05-07 15:40 ` [RFC][SECMARK 08/08] Add selinux_relabel_packet_permission() check to xt_SECMARK James Morris
2006-05-07 15:40 ` James Morris
2006-05-08 17:54 ` Karl MacMillan
2006-05-08 17:54 ` Karl MacMillan
2006-05-08 21:19 ` James Morris
2006-05-08 21:19 ` James Morris
2006-05-07 15:42 ` [RFC][SECMARK userland 01/03] Add libselinux support James Morris
2006-05-07 15:42 ` James Morris
2006-05-07 15:43 ` [RFC][SECMARK userland 02/03] Add libipt_SECMARK James Morris
2006-05-07 15:43 ` James Morris
2006-05-07 15:44 ` [RFC][SECMARK userland 03/03] Add libip6t_SECMARK James Morris
2006-05-07 15:44 ` James Morris
2006-05-07 17:04 ` [RFC] SECMARK 1.0 Joshua Brindle
2006-05-07 17:04 ` Joshua Brindle
2006-05-07 17:43 ` James Morris
2006-05-07 17:43 ` James Morris
2006-05-08 17:41 ` Karl MacMillan
2006-05-08 17:41 ` Karl MacMillan
2006-05-08 21:29 ` James Morris
2006-05-08 21:29 ` James Morris
2006-05-09 13:24 ` Karl MacMillan
2006-05-09 13:24 ` Karl MacMillan
2006-05-09 16:40 ` James Morris
2006-05-09 16:40 ` James Morris
2006-05-09 17:06 ` Karl MacMillan
2006-05-09 17:06 ` Karl MacMillan
2006-05-09 18:56 ` James Morris
2006-05-09 18:56 ` James Morris
2006-05-09 17:11 ` Stephen Smalley
2006-05-09 17:11 ` Stephen Smalley
2006-05-07 17:44 ` James Morris
2006-05-07 17:44 ` James Morris
2006-05-14 6:03 ` [RFC] SECMARK 1.1 James Morris
2006-05-14 6:03 ` James Morris
2006-05-14 18:37 ` Patrick McHardy
2006-05-15 4:24 ` James Morris
2006-05-15 4:24 ` James Morris
2006-05-15 5:29 ` Patrick McHardy
2006-05-15 5:57 ` James Morris
2006-05-15 5:57 ` James Morris
2006-05-15 6:04 ` Patrick McHardy
2006-05-15 6:22 ` James Morris
2006-05-15 6:22 ` James Morris
2006-05-15 6:26 ` Patrick McHardy [this message]
2006-05-15 6:37 ` James Morris
2006-05-15 6:37 ` James Morris
2006-05-15 6:42 ` James Morris
2006-05-15 6:42 ` James Morris
2006-05-15 6:43 ` Patrick McHardy
2006-05-15 12:35 ` Karl MacMillan
2006-05-15 12:35 ` Karl MacMillan
2006-05-17 13:36 ` Thomas Bleher
2006-05-17 13:36 ` Thomas Bleher
2006-05-17 14:56 ` James Morris
2006-05-17 14:56 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44681F0F.9030601@trash.net \
--to=kaber@trash.net \
--cc=bleher@informatik.uni-muenchen.de \
--cc=davem@davemloft.net \
--cc=dwalsh@redhat.com \
--cc=jmorris@namei.org \
--cc=kmacmillan@tresys.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.