[redhat-lspp] LSPP Development Telecon 01/15/2007 Minutes
Paul Moore
paul.moore at hp.com
Tue Jan 16 21:33:03 UTC 2007
On Tuesday, January 16 2007 3:39 pm, Joy Latten wrote:
> >On Tuesday, January 16 2007 3:06 pm, Loulwa Salem wrote:
> >> 01/15/2007 lspp Meeting Minutes:
> >> ===============================
> >
> >{snip}
> >
> >> KW: what's the status of your policy patches for ipsec Joy? and the
> >> patches I sent you regarding the cipso rules?
> >> JL: cipso also had some policy changes ... I can ping chris, but
> >> not sure if he had chance to look at them.
> >> DW: that's upstream, but do we have them in rhel policy?
> >> JL: I was looking at pauls work and would've like to have had time
> >> to create patch that merged our work. see if we can make it smaller. DW:
> >> try out the latest policy and get to me right away and we'll get the
> >> fixes in
> >
> >Klaus/Joy when you talk about the NetLabel/CIPSO changes are you referring
> > to the massive RFC patchset that I sent out in December or the smaller
> > change that Dan made in the latest policy RPMs? If this NetLabel/CIPSO
> > patch is something completely different can you share a pointer?
>
> Paul, I was referring to the big one sent out in December that
> allowed networking types to use unlabeled_t/cipso. I am not
> sure if I have seen the smaller one... do you still need the
> big patchset to be in the policy?
That's what I thought.
Last week before the LSPP concall Dan and I had a talk and he thought it best
to simply allow NetLabel/CIPSO access to all domains and create a boolean to
toggle the feature. It should be included in the MLS policy RPMs for the
past week or so.
--
paul moore
linux security @ hp
More information about the redhat-lspp
mailing list