[redhat-lspp] LSPP work items
Chris Wright
chrisw at osdl.org
Wed Oct 5 19:20:25 UTC 2005
* Klaus Weidner (klaus at atsec.com) wrote:
> On Tue, Oct 04, 2005 at 05:46:52PM -0400, Steve Grubb wrote:
> > 1.1 Objects shall include: files, named pipes (fifo), sockets, devices, shared
> > memory, message queue, semaphores. New object: kernel keys
>
> Kernel keys add many additional requirements for documentation, audit,
> and testing. I think it would be far easier to have a way to switch off
> the kernel key functionality for the evaluated config.
It's a kernel config item, so trivial to turn off. That is a maintenance
issue, however, if standard shipped config has it enabled.
> I'm not objecting to adding SELinux support to the keys, but I think it's
> an optional feature that shouldn't be needed for an initial pass for
> meeting the PP.
There's a timeframe to be concerned about, there's no label support for key
infrastructure yet (although patches have recently been posted to add
LSM support, so likely not a real issue).
thanks,
-chris