* Add new per-packet access controls to SELinux, replacing the old packet controls. Packets are labeled with the iptables SECMARK and CONNSECMARK targets, then security policy for the packets is enforced with these controls. The old code is present but not active by default - to restore previous behavior, the old controls may be activated at runtime by writing a '1' to /selinux/compat_net and also via the kernel boot parameter selinux_compat_net. Switching between the network control models

