[redhat-lspp] LSPP Development Telecon 02/13/2006 Minutes

Michael C Thompson mcthomps at us.ibm.com
Thu Feb 23 21:51:48 UTC 2006 

These were taken and editted by Michael Thompson.


-----------------------
LSPP Meeting 02/20/2006
-----------------------

Known Attendees:
----------------
   Janak Desai (IBM)
   Steve Grubb (Red Hat)
   Chad Hanson (TCS)
   Chad Fellows (Tresys)
   Dustin Kirkland (IBM)
   Joy Latten (IBM)
   Michael Thompson (IBM)
   Al Viro (Red Hat)
   Klaus Weidner (atsec)
   George Wilson (IBM)
   Kris Wilson (IBM)
   Tim Chavez (IBM)
   Russel Coker (Red Hat)
   Venkat Yekkirala (TCS)

Tentative Agenda:
-----------------
        IPsec labeling, getockopt(), xinetd
        ipsec-tools
        VFS polyinstantiation
        AuditFS completion
        Audit by role
        Audit enhancements
        Audit of network events
        Print
        Device allocation, udev, DBUS, hald, hotplug
        SELinux base update
        MLS policy gaps
        Cron, mail, etc.
        Self tests, Bastille & STIG hardening
        Target date--what will/won't make it
        Unit and functional tests
        Documentation
        Remaining tasks



General:
--------
- No more status on the wiki, just in email form (had it on wiki for 
convience only)
- Standard Meeting Next Week (Attendance questioned due to up coming 
symposium)


Networking:
-----------
- No integration yet for the getsecpeer patch. Think there were some 
comments, but no change in state since last week.
- No info on IPSec, but will ping maintainer.
- Ping suggestions: cc Dave Miller was recommended last week & a nice note 
to the maintainers.
- No testing yet, but Dan Walsh's note said to just install as seperate 
moduel for test. No progress due to MLS issues.
- SetKey will need new policy rules.
- Testing to start next week (hopefully).

- Integration w/ xinetd & sshd up next.

- Venkat to try racoon on rawhide
- Patch discussion:
  - no patch posted, but asked if hybrid is acceptable, no response yet.
  - Policy update would be an update on the IPsec tools update... so not 
done anything with that yet.
  - Need to repatch / ping maintainers.


Polyinstatiation:
------------------
- Doing optimizations & improvements for usabiity. Work going into 
namespace module. Now just testing to do. 
- Changes to the namespace module are being comunity driven.


Amy & HP Progress:
------------------
- Need HP's stuff in a test kernel. Amy almost done finishing so Steve 
waiting on that to build .lspp.10
- New in lspp.9: doesn't have darrel's  and dustin's role patch, so going 
to lspp.10
  - includes dustin's fix operator

- Grubb - would like a kernel update section in the call like CAPP.
- Viro - not much happening upstream, we need a patch set ready for merge 
(applies clean, etc) when for when the window opens. Good chance that 
audit stuff will get into MM now that Andrew has the right tree.


Auditfs Patches:
----------------
- Submitted based on feedback recieved. Will try to get it signed off by 
Stephen and James.
- Tim will wait for Darrel's patch and will rebase off his.


Audit Network events:
-----------------------
- George - based off xinetd work
- So.. need progress secpeer and xinetd, etc


Print
-----
- Basically done (for audit component) but cups server component isn't 
really there. Working with Matt to get a schedule.


Udev, Dbus, Device Allocator:
----------------
- No problems


MLS policy:
----------------
- Running into interesting "features". Problems need patches or very least 
a post.

Cron:
-------------------
- Not much progress.


Self-test
------------------
- Use script approach, don't rely on STIG approach. Running out of time 
and need it done, etc.


Timeline
--------
** Urgency increasing.
** Tests / Documentation is always needed. Update existing installation 
instructions w/ hints and tips.


Open Forum:
---------------------
Klaus - any comments in putting more policy part into the configuration 
side? Friday's patch - any comments? 
Janak - Applied and it makes sense. Need parent information.
Klaus - Potentially missing, add a hook to call a script

Janak - Instance directory & sub directories can be made off instance 
directory. Can only be made off owned directories.
Viro - Changing permission on /tmp is a bad idea because a lot of stuff 
relies on it.


Dustin - Last week I can be working full time on LSPP project. 
Role-filters patch is his last patch. Joy to take over.
George - Long way to go yet, not lessening out LSPP commitment with the 
loss of people, just switching gears from dev -> test


That's all for the minutes,
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20060223/d6d13184/attachment.htm>

More information about the redhat-lspp mailing list