[redhat-lspp] Re: Initial MLS Label Printing Support

[George Wilson]

Trent Jaeger has a patch to the IPSec implicit labeling patch that adds a
getsockopt() to obtain the label of the socket.  I think his intent is to
get the IPSec kernel patch accepted, then port and submit the getsockopt()
patch.  I don't know if he is following this list, but will ping him.

As far as platform, I've been running rawhide exclusively, both x86 and
PPC.  I'd vote for a sandbox based off a stable rawhide build.  We would
rebase to a new stable build periodically whenever enough pending features
are incorporated to warrant it.

Thanks,
George Wilson
IBM LTC Security Development


Steve Grubb <sgrubb at redhat.com>@redhat.com on 08/16/2005 01:51:00 PM

Sent by:    redhat-lspp-bounces at redhat.com


To:    redhat-lspp at redhat.com
cc:
Subject:    Re: [redhat-lspp] Re: Initial MLS Label Printing Support


On Tuesday 16 August 2005 14:41, Chad Hanson wrote:
> The biggest "obstacle" with our current implementation is that currently
> "upstream" there is no way to get the label from the TCP socket.

That seems like it should be a getsocketopt(). Who is looking at the
networking extentions?

Which leads to another issue. As we get started, what source code are we
working from?Are we putting experimental code into rawhide or should we
setup
a repo based on rawhide that we work from? Who will be doing the kernel
builds as we integrate all these pieces?

My main concern with working directly off of rawhide is the turn around
time
when bugs need to be fixed. There is also the problem of having some bug in

the latest rawhide that Oopses the kernel that is unrelated to what we
areworking on.

-Steve

--
redhat-lspp mailing list
redhat-lspp at redhat.com
https://www.redhat.com/mailman/listinfo/redhat-lspp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20050816/30273bd0/attachment.htm>