[redhat-lspp] LSPP Development Telecon 02/13/2006 Minutes
Michael C Thompson
mcthomps at us.ibm.com
Thu Feb 23 21:51:48 UTC 2006
These were taken and editted by Michael Thompson.
-----------------------
LSPP Meeting 02/20/2006
-----------------------
Known Attendees:
----------------
Janak Desai (IBM)
Steve Grubb (Red Hat)
Chad Hanson (TCS)
Chad Fellows (Tresys)
Dustin Kirkland (IBM)
Joy Latten (IBM)
Michael Thompson (IBM)
Al Viro (Red Hat)
Klaus Weidner (atsec)
George Wilson (IBM)
Kris Wilson (IBM)
Tim Chavez (IBM)
Russel Coker (Red Hat)
Venkat Yekkirala (TCS)
Tentative Agenda:
-----------------
IPsec labeling, getockopt(), xinetd
ipsec-tools
VFS polyinstantiation
AuditFS completion
Audit by role
Audit enhancements
Audit of network events
Print
Device allocation, udev, DBUS, hald, hotplug
SELinux base update
MLS policy gaps
Cron, mail, etc.
Self tests, Bastille & STIG hardening
Target date--what will/won't make it
Unit and functional tests
Documentation
Remaining tasks
General:
--------
- No more status on the wiki, just in email form (had it on wiki for
convience only)
- Standard Meeting Next Week (Attendance questioned due to up coming
symposium)
Networking:
-----------
- No integration yet for the getsecpeer patch. Think there were some
comments, but no change in state since last week.
- No info on IPSec, but will ping maintainer.
- Ping suggestions: cc Dave Miller was recommended last week & a nice note
to the maintainers.
- No testing yet, but Dan Walsh's note said to just install as seperate
moduel for test. No progress due to MLS issues.
- SetKey will need new policy rules.
- Testing to start next week (hopefully).
- Integration w/ xinetd & sshd up next.
- Venkat to try racoon on rawhide
- Patch discussion:
- no patch posted, but asked if hybrid is acceptable, no response yet.
- Policy update would be an update on the IPsec tools update... so not
done anything with that yet.
- Need to repatch / ping maintainers.
Polyinstatiation:
------------------
- Doing optimizations & improvements for usabiity. Work going into
namespace module. Now just testing to do.
- Changes to the namespace module are being comunity driven.
Amy & HP Progress:
------------------
- Need HP's stuff in a test kernel. Amy almost done finishing so Steve
waiting on that to build .lspp.10
- New in lspp.9: doesn't have darrel's and dustin's role patch, so going
to lspp.10
- includes dustin's fix operator
- Grubb - would like a kernel update section in the call like CAPP.
- Viro - not much happening upstream, we need a patch set ready for merge
(applies clean, etc) when for when the window opens. Good chance that
audit stuff will get into MM now that Andrew has the right tree.
Auditfs Patches:
----------------
- Submitted based on feedback recieved. Will try to get it signed off by
Stephen and James.
- Tim will wait for Darrel's patch and will rebase off his.
Audit Network events:
-----------------------
- George - based off xinetd work
- So.. need progress secpeer and xinetd, etc
Print
-----
- Basically done (for audit component) but cups server component isn't
really there. Working with Matt to get a schedule.
Udev, Dbus, Device Allocator:
----------------
- No problems
MLS policy:
----------------
- Running into interesting "features". Problems need patches or very least
a post.
Cron:
-------------------
- Not much progress.
Self-test
------------------
- Use script approach, don't rely on STIG approach. Running out of time
and need it done, etc.
Timeline
--------
** Urgency increasing.
** Tests / Documentation is always needed. Update existing installation
instructions w/ hints and tips.
Open Forum:
---------------------
Klaus - any comments in putting more policy part into the configuration
side? Friday's patch - any comments?
Janak - Applied and it makes sense. Need parent information.
Klaus - Potentially missing, add a hook to call a script
Janak - Instance directory & sub directories can be made off instance
directory. Can only be made off owned directories.
Viro - Changing permission on /tmp is a bad idea because a lot of stuff
relies on it.
Dustin - Last week I can be working full time on LSPP project.
Role-filters patch is his last patch. Joy to take over.
George - Long way to go yet, not lessening out LSPP commitment with the
loss of people, just switching gears from dev -> test
That's all for the minutes,
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20060223/d6d13184/attachment.htm>
More information about the redhat-lspp
mailing list