Re: secmark=XXX mapping

Tuesday, 21 September 2010

...
 One item to note:  xt_SECMARK.c is presently using selinux-specific
 interfaces for mapping the security context string to a sid originally,
 as well as to check permissions, manage refcounts, etc.  So if you use
 the LSM hooks for mapping the secid back to a context, there will be an
 inconsistency in the interface.  Likely they should all be LSM hooks and
 both include/linux/selinux.h and security/selinux/exports.c should go
 away.
    I found a way to alter the iptables source to get that information - see 
my own thread on the netfilter mailing list here - 
http://www.spinics.net/lists/netfilter/msg49094.html

Whether the devs responsible for iptables/netfilter would agree to make 
these changes I am not sure - I patched my own iptables and it works!

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: secmark=XXX mapping