[redhat-lspp] [RFC][PATCH] NetLabel/CIPSO prototype patch

Paul Moore paul.moore at hp.com
Fri Apr 7 17:47:05 UTC 2006 

Attached to this mail is a prototype patch for the CIPSO implementation 
I proposed last October here on the list.  I have also posted a copy of 
the patch here:

http://free.linux.hp.com/~pmoore/projects/linux_cipso/netlabel_orig_04072006.diff

... in case you have problems reading the attachment.  The patch is 
against the kernel 2.6.15-1.1826.2.10_FC5.

As I said earlier, I do consider this patch to be a prototype, not final 
code.  The reason I am posting this now is to hopefully collect some 
feedback on the acceptability of this implementation.  The approach in 
general seemed to be fairly well accepted, but I have a feeling several 
people were waiting for some code before they started weighing in on the 
matter.  If you could take a look at the code and post your comments I 
would greatly appreciate it.

A few notes before you dig in:

  * As this is a prototype it hasn't gone through very vigorous
    testing, just some simple unit test to make sure the basic
    functionality is in place.
  * All of the testing has taken place on a hyper-threaded uni-proc
    x86 machine so far, using both UP and SMP kernels.
  * Please ignore the Kconfig/Makefile bits, I have.  I'll fix this
    in later iterations (assuming no one throws any really big rocks
    in this first round).

Here is an overview of the patch:

  include/linux/ip.h                  |    3
  include/linux/netlink.h             |    1
  include/net/cipso_ipv4.h            |  155 +++
  include/net/netlabel.h              |  495 +++++++++++
  net/Makefile                        |    2
  net/ipv4/Makefile                   |    3
  net/ipv4/cipso_ipv4.c               | 1188 ++++++++++++++++++++++++++++
  net/ipv4/ip_options.c               |   15
  net/netlabel/Kconfig                |    9
  net/netlabel/Makefile               |    7
  net/netlabel/netlabel_cipso_v4.c    |  492 +++++++++++
  net/netlabel/netlabel_domainhash.c  |  589 +++++++++++++
  net/netlabel/netlabel_domainhash.h  |   46 +
  net/netlabel/netlabel_kapi.c        |  262 ++++++
  net/netlabel/netlabel_mgmt.c        |  673 +++++++++++++++
  net/netlabel/netlabel_types.h       |   54 +
  net/netlabel/netlabel_user.c        |  160 +++
  net/netlabel/netlabel_user.h        |   40
  security/selinux/hooks.c            |   26
  security/selinux/include/security.h |    5
  security/selinux/ss/ebitmap.c       |  153 +++
  security/selinux/ss/ebitmap.h       |    2
  security/selinux/ss/mls.c           |  158 +++
  security/selinux/ss/mls.h           |   14
  security/selinux/ss/services.c      |  168 +++
  security/selinux/ss/services.h      |    4
  26 files changed, 4720 insertions(+), 4 deletions(-)

Thanks.

-- 
paul moore
linux security @ hp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: netlabel_orig_04072006.diff
Type: text/x-patch
Size: 175575 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20060407/cfd4269a/attachment.bin>

More information about the redhat-lspp mailing list