[redhat-lspp] LSPP Development Telecon 11/28/2005 Minutes

George Wilson gcwilson at us.ibm.com
Tue Nov 29 13:55:14 UTC 2005 




---------------
Known Attendees
---------------

Matt Anderson (HP)
Mounir Bsaibes (IBM)
Amy Griffis (HP)
Steve Grubb (Red Hat)
Linda Knippers (HP)
Joy Latten (IBM)
Paul Moore (HP)
Chad Sellers (Tresys)
Dan Walsh (Red Hat)
Klaus Weidner (atsec)
George Wilson (IBM)
David Woodhouse (Red Hat)
Catherine Zhang (IBM)

------------------------
IPsec Labeled Networking
------------------------

Nethooks went upstream.
getsockopt() work is in progress.
Most get opts for unix domain datagrams.
In debugging stage.
Moving to UDP will be straightforward.
Want to make sure it works with message header first.
Can get necessary info from secpath in sk_buff.
Nethooks in 2.6.15-rc2-mm1; should go into 2.6.16.
Joy testing ipsec-tools with David's kernel.
Will go ahead and submit it
What is the state of TCS MLS enhancements to nethooks?

------------------
Auditfs Completion
------------------

Amy:  Still sidetracked by other tasks; hopes to get audit fs alpha out to
list by next week.
Chatted w/Tim on IRC.
Want to have something that actually works before releasing it.
George:  Can it make 2.6.16?
David:  Too late for 2.6.16; should already be in mm tree and have some
testing.
Amy to give update on schedule next week.

------------------
Audit Enhancements
------------------

Audit by role is still an issue.
Filter in userspace?
Steve:  No.  Could jam netlink connection.
Need to look at the policy compiler.
SELinux is based on SIDs.
Have compiler look at roles and types to compose SIDs from bit fields
rather than sequence.
SELinux comparisons wouldn't have to change; just policy.
George:  Wouldn't that severely restrict the number of possible roles, etc.
given 32-bit SIDs?
Steve:  Yes.  But can have variable size bitfields to encode data.
George:  I thought a hash table might be an option.
Still thinking through but that's one possible approach.
Need to discuss on list.

Dustin (IM):  When will audit 2.0 be available?
Steve:  Aug or Sept.
1.2 audit around Jan.

Mounir:  What about binary record format?
Want to get it early to have period for stabilization.
George:  Test would like an API ASAP.
Steve:  Need to wait.
Lots of things still need to be done for watches and rules.
That work hasn't happened yet.
More fields need to go into kernel side--e.g., need to report results of
operation--success or fail.
Userspace is fairly stable.  But not all of userspace patches done.
George:  How would we like APIs to look?
API could hide record format.
Steve:  Name-value pairs.
Should be easily usable by languages in addition to C.
George post API proposal to audit list.

Tim:  Will plugin stuff be in audit 1.2?
Steve:  Yes.
Will release 1.1.1 this week.
Basic plugin system will be in FC5T2--have until Dec 15. to solidify audit.

----------
Self Tests
----------

No conclusion on Self Tests.
Klaus was thinking RPM could do its own configuration; script would rewrite
checksums into RPM db.
That solution is not workable according to RPM folks; prelink is a problem.
Tripwire is more flexible.
George:  What would it entail?
Steve:  Would have to bring tripwire up-to-date.
Would have to teach it about prelink and EAs.
It will not work out of the box.
Chad:  AIDE (Advanced Intrusion Detection Environment) is something else to
look at.
On sourceforge; it's GPL, too.

-----
Roles
-----

George:  Klaus had concerns about role composition.
Dan:  To compose w/dominance relation, need to write policy.
Already have tools to extract role data for a user.
George:  May have an issue with roles composition.
Could SELinux user == role?
Dan:  Place on list and get an opinion.

------------
SELinux Base
------------

Dan:  Rawhide policy is all based on reference policy.
On schedule now.

Steve:  Speaking of test, set selinux=disabled in /etc/selinux/config.
Got 150 oopses.
Tim:  Can you post the oops?
Steve:  No connectivity to machine right now.
Audit inode context; Tim had same problem prior to Dustin's fixes.

Dan:  SEManage is new tool; manage SELinux users and map to Linux users;
can configure additional ports.
Python i/f to manage SELinux DB.
Unix mappings work; adding SELinux users.
In policycoreutils tomorrow night in Rawhide.
auidtoallow now generates reference policy; written in python now.
Can generate policy modules more simply than manipulating local.te and
installing policy sources.

George:  Good time for me to run Coverity?
Libsemanage has settled down, mostly because Ivan is in finals.
Run Coverity on libselinux first, then libsepol.
Now most libraries have python bindings.
Will be able to build simple tools to test out stuff.

-----
Print
-----

Matt:  Had been some discussion on fedora-selinux mailing list when posted
list.
Couple of notes w/Mike; looked over patches; need to generate READMEs for
them.
Concerned w/original TCS patch.
Code that did filter at last stage that resized output to leave room for
label.
Customer feedback that they are opposed to that; no definitive solution.
CUPS maintainer is aware of requirement; but nothing working with previous
CUPS approach.
Local listener patch may not be needed given features in CUPS 1.2.
Was interested in seeing how it would get put together in final form.
Seems willing to work with us to meet needs.
Has worked w/gov't and has an idea of trusted print requirements.
Once responsibilities cleared, will email more and post some discussions.

----------
Subsystems
----------

George:  We need to try DBUS/hotplug/udev with bringup and shutdown into
static config.

Does cron patch have mailer option yet?
Steve:  He wanted it in T1; should be there; if not, soon.

Xinetd--Steve:  laid out design principles on mailing list a few months
back.
George:  There needed to be some authorization config for services wrt
levels and categories?
More work on this after Catherine makes patch available.
Both UDP and TCP have to supported by xinetd.

Need to analyze NSA SELinux tescases and rebase to reference policy if
necessary.
Should be the same but may not.
Joy to look at.
Red Hat QA is running LTP version of SELinux testcases.

Hierarchical roles:  role to have all users role.
Klaus:  Don't have to have it a low level; need to get result that is
equivalent.
Point here for hierarchical roles is to make admin easy; could be script.
Still picturing a static policy for roles; handful of predefined roles; can
combine users in roles via a tool.
Could map user to SELinux admin user rather than SELinux.
Preferable to have more flexibility but static roles could meet
requirements.

Thanks,
George Wilson
IBM Linux Technology Center
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20051129/fc8c2d82/attachment.htm>

More information about the redhat-lspp mailing list