[redhat-lspp] LSPP Development Telecon 09/28/2005 Minutes

George Wilson ltcgcw at us.ibm.com
Sat Oct 1 16:51:34 UTC 2005


Following are minutes from the Sept. 28 LSPP development telecon.  They were
produced by Debora Velarde with minor edits from me.

-----------------------------------
LSPP Development Telecon 09/28/2005
-----------------------------------
Known Attendees:
        Matt Anderson (HP)
        Andrius Benokraitis (Red Hat)
        Mounir Bsaibes (IBM)
        Tim Chavez (IBM)
        Russell Coker (Red Hat)
        Janak Desai (IBM)
        Darrel Goeddel (TCS)
        Steve Grubb (Red Hat)
        Ken Hake (IBM)
        Chad Hanson (TCS)
        Trent Jaeger (PSU)
        Dan Jones (IBM)
        Linda Knippers (HP)
        Joy Latten (IBM)
        Paul Moore (HP)
        Emily Ratliff (IBM)
        Stephen Smalley (NSA)
        Michael Thompson (IBM)
        Debora Velarde (IBM)
        George Wilson (IBM)
        Catherine Xiaolan Zhang (IBM)

Tentative Agenda:
        Welcome and ground rules
        Audit
        IPsec labels
        VFS polyinstantiation
        Device allocation design
        Builds and repos
        Testing
        Tasks and assignments
	
-----------------------------------
Trent's IPsec Labeling Patch Status
-----------------------------------
Trent's status first since he needs to drop off.
Made another submission to netdev.
Herbert Xu has an issue.
Trent delegated it to Catherine.
She made a proposal.
The issue: cache of flow objects and you can use these rather than reauthorizing
  when you are looking to find the connection you are going to use with the
  remote party.
Need to authorize this based on IPsec networking controls.
Sometimes use IPsec, sometimes may need to use IPsec, need to take care of all
  combinations.
Need to enumerate all combinations and make sure all are taken care of.
IBM and TCS doing some testing.
Venkat from TCS also looking at extending nethooks to accommodate MLS.

ETA for when it will go upstream?  Getting close.
Have gone thru xfrm user interface in detail.
xfrm interface shouldn't slow us down; Trent not aware of anything that uses it.
pf_key looks fine.
David Miller will revise that part of the code.

Steve Grubb:  UDP question on mailing list?
Getting the label from a UDP socket where you don't really have a connection at
  all.
Idea that there would be a race condition between getting the packet and
  determining its label.
Application is making the decision; it should have some control over its socket
  to ask what the last label was that it received the label for, but not sure
  how reliable that is.

Needs to be looked at in more detail looking for a number of race conditions.

-----
Audit
-----
Steve Grubb just started working on audit code again.
Was working on getting statistical analysis programs working
        Summary info about what is in the log.
        Ausearch will find you stuff.  But people will want more analytical
          tools.

Steve updated ausearch, can now search on context.

Auditing of roles, still undecided on approach to take.
Still have some issues there before doing a lot of coding else will have to
  rewrite a lot.

Linda: you have some ideas of how the work can be split up going forward?
Inotify integration - 
Other areas help needed:
        Dustin has tackled auditing by type.
        Way of auditing key usage (key infrastructure in the kernel) could use
          it as a covert channel.
                Need to put in auditing hooks so we could see what's going on.
                Couldn't we limit to admin for now?
                Keyring folks are working on this.
                1. David Howells doing the labelling.
                2. May need to add hooks.
                        May need to audit based on the key used.
                        Key could have multiple compartments.
                Steve will ask him about what the time frame is, include it or
                  exclude it.
	
Tim's status:
Amy sent him a patch before she left.
On every syscall that accesses object, want a record of that access.
Adds ability to filter on syscall, filesystem access.
Need to find places in kernel where we could put that.
Audit tag in the inode.
Audit client - finishing up everything except the main logic.
        Interface kernel -> user and user -> kernel.
        Plugged into API that Amy wrote.
Should be able to get alpha code out late this week or early next week.
Tim hasn't tried Amy's patch yet, but will put it into his patch set and try it.

--------------
Builds & Repos
--------------
IBM thinking of creating an internal yum repository so we can look at our
  changes in context of recent rawhide build.
Do you see any value of us doing our own?  
The issue with IBM creating a yum repo would be with trying to make it public.
Red Hat would probably have an easier time doing that than we would.
David not on call.
Need to have a somewhat stable build to work on.
Not sure who could do it right at this minute, Red Hat in the middle of
  re-organizing and re-assigning people.
May be next week before we know who is going to be involved in this.
If David is not able to help us, Andrius can.

What would be on the repository?
The kernel.
A lot of other pkgs could be safe.

One repository for all the LSPP kernel changes, or different ones?  For example
  one with audit changes, another with networking.

Really want something semi-stable.  Want to use most of rawhide but the kernel;
  want to do ours.

Would it speed up productivity if developer could push changes themselves?
        Problem is it has to go thru build farm.
With previous audit group, changes and patches sent to the group and then rolled
  up; put a dependency on David.
Need central place with multiple people at Red Hat having access to push
  changes.

When we pick a rawhide build, would we take a snapshot, use that, and
  periodically rebase?
What would be the criteria for rebasing?
Need a rolling update, composing on top of rawhide (every 10 days).
We can't get too behind rawhide (really close to what is upstream except with
  extra packages)
Every 2 weeks or whenever warranted.
The kernel is the main package we need to turn around.
Only issue with rawhide is that it is a 24-hour turnaround.

-----------------
Polyinstantiation
-----------------
Janak has a patch that is reworked based on feedback from Chris Wright.
Chris caught problems with synchronization and memory leaks.
Janak gave feedback to Ram, who is doing the shared work.
        Overlaps some of the namespace work.
Hopefully this week Janak will send that out based on the latest mm tree.

Update on cron?
Cron not going to be using polyinstantiated directories.
Janak will work on cron once he's done with unshare.

Other polyinstantiated/MLS features like tmpwatch and slocate?
Others not needed for LSPP, but nice-to-have items.
Shouldn't be too much work to get them to work.
Janak volunteered.

------------------------
Device Allocation Design
------------------------
George became convinced we need this.
So we don't have users chcon'ing things themselves or auto-relabelling udev.
Wanted Dan Walsh's thoughts on that.
George will bring it up on the mailing list.
Paul Moore needs some tools and libraries for device allocation.
        Did work to flesh out work initially done by TCS.
        Sitting on a patch, waiting on license from TCS, sitting in legal now.

-----
Print
-----
CUPS patch:
2 existing CUPS patches:
1. TCS work.
2. Auditing done by HP.
CUPS people getting ready to drop major release.
Matt working on another patch to do all of the interprocess communication over
  af_unix.
        Then can show all 3 patches.
Suggested that Matt post patches on LSPP list.
Matt will post it to LSPP list soon.

-------
Testing
-------
Joy has put together some MLS tests.
We've reviewed internally before posting.

Joy also incorporated Steven's base SELinux tests into LTP.  Still need help in
  increasing the coverage.

Linda is looking into test work HP would be interested in.
IBM direction internally is to create functional tests for whatever we write
  and incorporate that into LTP.
If you generate code, then you should produce the testcases as well.
Testing isn't focus, development is.

Plan is to expand the LTP.
Some items may not be appropriate for LTP, but many things are.

-------------------
Tasks & Assignments
-------------------
Folks can volunteer for assignments or we can divvy the work.
Task list is a starting point.
People are encouraged to volunteer for items.
If you are in a lead position, please help divvy up work.

Task list--can beat it up, augment it, etc.
Please help take ownership of the items.

----------------
Additional items
----------------
Joint Red Hat, TCS, IBM announcement.

Around the room, introductions.

-- 
George Wilson <ltcgcw at us.ibm.com>
IBM Linux Technology Center



