[Swan-commit] Changes to ref refs/heads/main
paul at vault.libreswan.fi
Thu Mar 4 18:02:14 UTC 2021
Author: Kavinda Wewegama <kavinda.wewegama at forcepointgov.com>
Date: Thu Mar 4 13:01:22 2021 -0500
pluto: remove equality check involving SELinux labels
* Any decision involving SELinux labels should always be SELinux policy driven.
** Therefore, `pluto` should never do equality checks on labels.
* In the case of `within_range()`, there is no guarantee that a label is
allowed to `polmatch` against itself.
** Hence, there should not be a `hunk_eq()` call.
Signed-off-by: Paul Wouters <pwouters at redhat.com>
More information about the Swan-commit