From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mr Dash Four
Subject: Re: [PATCH 1/2] iptables (userspace): add secmark match
Date: Fri, 12 Apr 2013 14:54:56 +0100
Message-ID: <51681230.8010208@googlemail.com>
References: <5135E9AF.6010800@googlemail.com> <20130319233233.GA4172@localhost> <514CA65E.5030106@googlemail.com> <51622C38.60109@googlemail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Eric Paris, Netfilter Core Team, Fedora SELinux Users
To: Pablo Neira Ayuso
Return-path:
Received: from mail-wg0-f53.google.com ([74.125.82.53]:37132 "EHLO mail-wg0-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755878Ab3DLNzN (ORCPT ); Fri, 12 Apr 2013 09:55:13 -0400
Received: by mail-wg0-f53.google.com with SMTP id c11so2769515wgh.20 for ; Fri, 12 Apr 2013 06:55:12 -0700 (PDT)
In-Reply-To: <51622C38.60109@googlemail.com>
Sender: netfilter-devel-owner@vger.kernel.org
List-ID:

Mr Dash Four wrote:
>
>
> Mr Dash Four wrote:
>>
>>
>> Pablo Neira Ayuso wrote:
>>> On Tue, Mar 05, 2013 at 12:48:47PM +0000, Mr Dash Four wrote:
>>>
>>>> This patch is part of the userspace changes needed for the
>>>> "secmark" match
>>>> in iptables.
>>>>
>>>
>>> SELinux already provides the framework to define your network policy
>>> based on the secmark. I don't see why we need this in iptables.
>>>
>> I am not sure what to make of your response above Pablo. The purpose
>> of the patch isn't to replace what SELinux already provides, but to
>> make full use of that security framework. Are you questioning the
>> purpose or usefulness of the patch in general? Elaborate please.
> So? Pablo, do you intend to address this or not?