[PATCH 1/2] iptables (userspace): add secmark match

Mr Dash Four mr.dash.four at googlemail.com
Fri Mar 22 18:43:42 UTC 2013



Pablo Neira Ayuso wrote:
> On Tue, Mar 05, 2013 at 12:48:47PM +0000, Mr Dash Four wrote:
>   
>> This patch is part of the userspace changes needed for the "secmark" match
>> in iptables.
>>     
>
> SELinux already provides the framework to define your network policy
> based on the secmark. I don't see why we need this in iptables.
>   
I am not sure what to make of your response above, Pablo. The purpose of 
the patch isn't to replace what SELinux already provides, but to make 
full use of that security framework. Are you questioning the purpose or 
usefulness of the patch in general? Elaborate please.

