Re: [GIT]: Networking
From: Linus Torvalds
Date: Mon Jul 21 2008 - 13:40:48 EST
On Mon, 21 Jul 2008, David Miller wrote:
> From: Patrick McHardy <kaber@xxxxxxxxx>
> Date: Mon, 21 Jul 2008 14:05:57 +0200
> > The idea was that NETFILTER_ADVANCED=n enables everything needed
> > by mainstream distributions and hides the rest. We can certainly
> > change the default for this option, but that makes NETFILTER_ADVANCED
> > pretty much useless.
> A new feature cannot possibly be used by existing distributions. I
> think that's the main gripe.
Well, if the feature really is going to be something that a _normal_
netfilter config needs, then it should indeed be turned on.
However, nothing in the docs imply that at all. Can you explain? Why
should IP_NF_SECURITY be on, and why should a default netfilter table
enable it? And if it should, WHY THE HELL IS IT DOCUMENTED THAT YOU SHOULD
Patrick, see my original report:
> Grr. And I quote:
> Security table (IP_NF_SECURITY) [Y/n/?] (NEW) ?
> This option adds a `security' table to iptables, for use
> with Mandatory Access Control (MAC) policy.
> If unsure, say N.
That option as it stands now MAKES NO SENSE. Either you should say 'Y'
(and you should explain _why_), or you should say 'N' (as documented) and
it should damn well default to 'N' too!
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/