[redhat-lspp] LSPP Development Telecon 12/12/2005 Minutes
Debora Velarde
dvelarde at us.ibm.com
Sat Dec 17 00:53:56 UTC 2005
-----------------------
LSPP Meeting 12/12/2005
-----------------------
Known Attendees:
Matt Anderson (HP)
John Boone (TCS)
Tim Chavez (IBM)
Janak Desai (IBM)
Darrel Goeddel (TCS)
Amy Griffins (HP)
Steve Grubb (Red Hat)
Chad Hanson (TCS)
Trent Jaeger (PSU)
Linda Knippers (HP)
Paul Moore (HP)
Chris PeBenito (Tresys)
Emily Ratliff (IBM)
Debora Velarde (IBM)
Klaus Weidner (atsec)
George Wilson (IBM)
David Woodhouse (Red Hat)
Venkat Yekkirala (TCS)
Catherine Zhang (IBM)
Tentative Agenda:
2.6.16
End of year--when to resume
Testcase development
Documentation for the wiki
Rawhide testing issues
IPsec labels + racoon--looks like an issue
IPsec getsockopt() of label + xinetd
IPsec-tools submitted
VFS polyinstantiation--patches updated
AuditFS completion--update from Amy
Audit by role--patch in progress
Audit enhancements
Self tests
Roles
SELinux base update
Print--rework w/input from Klaus
Device allocation, udev, and DBUS
Cron, at, tmpwatch, etc.
Mail
Package list
Gaps remaining
------
2.6.16
------
cutoff date?
unshare might not make it
rest aren't going to make it
from what David Woodhouse was saying (needed to be in -mm tree already)
shooting for 2.6.17 for the remaining kernel pieces
---------------------------
End of year--when to resume
---------------------------
This is last meeting of the year
Meetings to start again next year on the 9th.
--------------------
Testcase development
--------------------
IBM concerned about testcase development
- don't have a good feel for how much help with testcase development we're
going to have in the coming year
- don't have full resources to do all development on the testcases
- if writing new code, if had bandwidth, please write testcases up to the
point that someone can pick them up
shared testcase development?
- need to figure out logistics of that
- Kris Wilson, test lead for IBM, is out on Mondays
- HP is interested in participating
- wasn't sure if that is something we'd share or not
- where to draw the line?
- would like to make tests part of LTP - for the whole community
- George will ask Kris to post to the list
- HP doing some testcase development
- George needs to get project management's take (Ken not on call)
--------------------------
Documentation for the wiki
--------------------------
- Kris wasn't able to get instructions on wiki to fully work
because of policy issues
- Klaus was able to go thru those instructions fully either
- Klaus requested that any documentation, hints, tips, etc be put on wiki
- If Kris gets steps to upgrade from test 1 she'll put those on wiki
ACTION: post the url to the wiki on the minutes:
http://cable.coker.com.au:800/wiki/index.php/Main_Page
----------------------
Rawhide testing issues
----------------------
- success on pseries, but having problems on x86_64
- rawhide on x86-64 encountered some kernel problems
- Kris trying to screen those and see if they have been reported
and will work with RH directly
- Dustin suggested Kris contact Paul on irc
- Klaus had similar problem trying to setup rawhide in evaluated
configuration
- trying to directly install rawhide should work
although this week lots of changes in fedora, gcc update
- fedora will need a week or two to stabilize
- Steve suggests installing fedora core 5 test 1 and updating selectively
until rawhide is stable again
------------------------------------------
IPsec labels + racoon--looks like an issue
------------------------------------------
Update from Catherine - ipsec labels and racoon
- negotiates keys and first encrypted packet results in a hang
- not clear if it's the 1st packet
- the ping following the racoon negotiation makes the whole kernel panic
- might be memory corruption in the kernel
- Catherine didn't have time to investigate it further
- happens with 2.6.15.rc3.mm1 kernel
- Joy is investigating
- Catherine's priority is patch for UDP
get it out for comments first and then work on this
- George will help debug that as well
- only happens on newest kernel that includes Trent's patch
- 2.6.14 git tree is fine
------------------------------------
IPsec getsockopt() of label + xinetd
------------------------------------
- want to use newest 2.6.15-rc5-mm2
- tested code is working fine
- Catherine wants to check coding style and other small issues
- Trent's patch on TCP labels has not been submitted yet
- Trent and Catherine deciding whether to the 2 or have 2 separate patches
---------------------
IPsec-tools submitted
---------------------
- submitted but the maintainer asked joy to put additional information
- if it doesn't work on the most recent kernels then should wait
don't want people's first experience with this to be a kernel problem
--------------------------------------
VFS polyinstantiation--patches updated
--------------------------------------
unshare
- Janak got feedback from Al Viro
restructure the patches and add other primitives
- currently only unshare of namespace, also want files and filesystems
- want to be able to be added incrementally
original code more rigid and hardcoded
- Janak made changes and unit tested
- creating patches now - hopefully out by end of day
-----------------------------------
AuditFS completion--update from Amy
-----------------------------------
- Last week hoping to get a patch out but did have some time to work on it
- starting tomorrow will be able to use majority of her time on it
so should progress more quickly now
- could use help with testing, a lot of lurking bugs
- Amy has full manual tests, but help appreciated
- Should see a post tomorrow
--------------------------------
Audit by role--patch in progress
--------------------------------
- Dustin not on the call
- He was splitting it into 3 different parts
and working on the first part
- auditctl to kernel communication, in and out of the kernel
------------------
Audit enhancements
------------------
Tim was looking at binary format with XDR
- will have a proof of concept
- no one has agreed on that format
but need to get going since test team needs that
- XDR looking promising
- Was there an issue with XDR in the past?
In previous evaluation, the person assigned to look into XDR left,
so we stayed with plain text record
- don't know what other alternatives there are
other than home grown implementation like LAuS
- Tim will do a write up and write some code
Steve rolled out another update
amtu updated
real time event dispatcher - new couple of weeks
----------
Self tests
----------
not clear on what we wanted to do
rpm verify and another script that could handle the cases that rpm verify
can't handle
-----
Roles
-----
script instead of using selinux mechanism
because don't have option of using selinux mechanism
need to define how we're going to do this composition with a script
-------------------
SELinux base update
-------------------
Dan not on the call, took day off
--------------------------------
Print--rework w/input from Klaus
--------------------------------
Matt started looking at the path Klaus suggested
- Matt just recently got back on this
- Matt started doing comparison of 1.2 version and what we've had
- started doing discovery down this
- cups maintainer is familiar with LSPP requirements, could bounce these
suggestions off of him
- Main difference is that the maintainer might not be as concerned about
evaluating the post script
What was the issue?
- Need to trust post script interpreter means needs to be part of
evaluation
- simplified in userspace with regular permissions
- preprocessor wrapper that converts everything to bitmask before putting
it in the queue
- we put it in the cups part, running cups system, not cups user
- if adding postscript somewhere in the queue, only works if have
assumptions to the postscript
simple print system?
- throwing out cups altogether, to make it handle all print solutions
- not sure if there is simpler solution
- LPD for example
- not convinced
- other features you don't care about, don't matter
- not sure can make any claims about malicious hacking
- If depending on post, to take labels off of, then turns it into trusted
application
- How much complication does that add to it?
- Would be fairly easy to get bitmasks to work
Want to treat cups as trusted app?
- fine as long as it's not responsible for receiving and printing the job
only printing related
- having cups included is feasible
- need assurance that its working reliably
- a few weeks before Matt could produce any code for that
- Matt should be able to work on that, but not sure if he's ready to start
down this path yet
users level or the file level?
- back in august, number of opinions
- thought level of the user
- least upper bound described in the LSPP
- pipeline generating on the user label would be the most reasonable
- good because that's the easy one we already have
- might want MCS one way, evaluated config another way
- trusted solaris, normal users can't print postscript
- traditionally it's the subject's label
- in agreement for LSPP case
- Klaus: act of printing is upgraded
should be OK printing it out at the subject label
doesn't exactly match the LSPP but could argue
Self Test
- trusted solaris, punted on the self test - not needed
- maybe we don't have to meet the depth of the self test
- if you have a good case, can talk to the certifying body
- make similar argument that sun made?
- George: has Klaus looked at self test yet? yes some
Klaus: problems with protection profile wrt trying to implement role based systems,
author of protection profile, admitted out of reasoning shouldn't change
just because not the greatest protection profile, can't arbitrarily do what you want
- Do we need to enhance tripwire and use that?
to do the integrity verification
---------------------------------
Device allocation, udev, and DBUS
---------------------------------
anyone looked at installing rawhide, shutting down DBUS
device allocation
patched version on sourceforge
------------------------
Cron, at, tmpwatch, etc.
------------------------
Janak posted cron patch
- don't know if anyone has had a chance to take a look at it
- posted on LSPP mailing list almost a month ago
- issue of where this is going to live?
- cron doesn't have active maintainer
40+ patches being carried along
- package maintainer was going to add option for switching out the mailer out
- Janak thinks no one has comments because no one has looked at it yet
- want someone to put this on an MLS system
at
- Janak will at least look at how the wrapper works for at
- don't take off of tasklist yet
tmpwatch
- tmpwatch, haven't evaluated yet
----
Mail
----
Russell has some additional stuff he's looked at
------------
Package list
------------
--------------
Gaps remaining
--------------
- George will try to put out a new tasklist with updated percentages
- Klaus had issues that he thought we had to address
he still has a few questions, that we've raised here
- self testing
- hierarchical role composition
- additional audit events
- newrole, init might need additional instrumentation
- biggest gap now: testcases* and documentation