| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4883E465.4050405@trash.net> Date: Mon, 21 Jul 2008 03:20:37 +0200 From: Patrick McHardy <kaber@...sh.net> To: David Miller <davem@...emloft.net> CC: torvalds@...ux-foundation.org, akpm@...ux-foundation.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, jmorris@...ei.org Subject: Re: [GIT]: Networking David Miller wrote: > From: Linus Torvalds <torvalds@...ux-foundation.org> > Date: Sun, 20 Jul 2008 17:54:04 -0700 (PDT) > > >> Grr. And I quote: >> >> Security table (IP_NF_SECURITY) [Y/n/?] (NEW) ? >> >> This option adds a `security' table to iptables, for use >> with Mandatory Access Control (MAC) policy. >> >> If unsure, say N. >> >> why the heck does this new config option apparently default to 'Y'? It's a >> new option, so no old users can need it, and the docs even say you should >> say 'N' unless you know what you're doing. >> >> (Same issue with the IPv6 version). >> >> Don't do this. >> > > James/Patrick please fix this. > This is only the NETFILTER_ADVANCED=n default (for SECURITY=y). The netfilter defaults for NETFILTER_ADVANCED=n should be m/y for things that are needed by mainstream distributions for normal usage. I'm not sure how this is going to be used, James? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists