[PATCH 1/2] iptables (userspace): add secmark match
Mr Dash Four
mr.dash.four at googlemail.com
Mon Apr 8 02:32:24 UTC 2013
Mr Dash Four wrote:
>
>
> Pablo Neira Ayuso wrote:
>> On Tue, Mar 05, 2013 at 12:48:47PM +0000, Mr Dash Four wrote:
>>
>>> This patch is part of the userspace changes needed for the "secmark"
>>> match in iptables.
>>>
>>
>> SELinux already provides the framework to define your network policy
>> based on the secmark. I don't see why we need this in iptables.
>>
> I am not sure what to make of your response above, Pablo. The purpose
> of the patch isn't to replace what SELinux already provides, but to
> make full use of that security framework. Are you questioning the
> purpose or usefulness of the patch in general? Elaborate, please.
So?
More information about the selinux mailing list