[redhat-lspp] Re: Labeled Networking For LSPP: Where we are and where we need to go (quickly)
Paul Moore
paul.moore at hp.com
Fri Oct 6 16:39:55 UTC 2006
Paul Moore wrote:
> Eric Paris wrote:
>>This is great, we are getting there. But, we still need at least 3-4
>>more patches before tomorrow!!
>>
>>Patch1: finish the error propagation backport for the ipsec leak (Being
>>completed by Eric Paris)
>>Patch2: audit ipsec config changes (Being completed by Joy Latten)
>>Patch3: find and fix current issues with unlabeled_t packets that can't
>>be explained (Paul Moore and Venkat)
>
> I'm working on this but it's taking time getting all the right policy bits
> sorted so I can differentiate between SECINITSID_UNLABELED and SECINITSID_NETMSG
> as they will both show up as "unlabeled_t" in all the released policies (at
> least I think so).
>
> Venkat, if you have a policy rpm/clean-patch/tarball something it would be a
> help if you could post that or send it to me (I saw your earlier postings, but
> only the constraints were really in patch form). Or if you could verify the
> lspp.51 kernel w/o the NetLabel/secid patch (turn off patch 25008, if you want I
> can send you a diff to the spec file - it's only two lines). So far I have not
> seen any differences between the stock lspp.51 kernel and the lspp.51 kernel
> without the NetLabel/secid patch.
In case anyone wants to play with the lspp.51 minus the NetLabel/secid patch, I
put up a modified source RPM here:
* http://free.linux.hp.com/~pmoore/files
--
paul moore
linux security @ hp
More information about the redhat-lspp
mailing list