Re: [GIT]: Networking

From: Patrick McHardy
Date: Sun Jul 20 2008 - 21:21:37 EST


David Miller wrote:
> From: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> Date: Sun, 20 Jul 2008 17:54:04 -0700 (PDT)
>
>> Grr. And I quote:
>>
>>     Security table (IP_NF_SECURITY) [Y/n/?] (NEW) ?
>>
>>     This option adds a `security' table to iptables, for use
>>     with Mandatory Access Control (MAC) policy.
>>
>>     If unsure, say N.
>>
>> why the heck does this new config option apparently default to 'Y'? It's a new option, so no old users can need it, and the docs even say you should say 'N' unless you know what you're doing.
>>
>> (Same issue with the IPv6 version).
>>
>> Don't do this.
>
> James/Patrick please fix this.

This is only the NETFILTER_ADVANCED=n default (for SECURITY=y).
The netfilter defaults for NETFILTER_ADVANCED=n should be m/y for
things that are needed by mainstream distributions for normal
usage.

I'm not sure how this is going to be used, James?
