[RFC] security: add iptables "security" table for MAC rules

[James Morris]

On Tue, 29 Jan 2008, Paul Moore wrote:

> That seems reasonable.  By the way, this isn't really related, but is it 
> possible to change the NF_IP_PRI_SELINUX_* constants to NF_IP_PRI_SECURITY_* 
> for the sake of consistency or are those values already visible to userspace?  

They are visible to userspace, and included in glibc headers, but I don't 
see any userland use of them via google codesearch or know of a possible 
valid use.

> I suppose we could always rename them anyway and just add a #define for 
> compatibility ...

Yep, if you want to.


- James
-- 
James Morris
<jmorris at namei.org>