[redhat-lspp] Updated NetLabel patch

Paul Moore paul.moore at hp.com
Tue Jun 13 17:19:29 UTC 2006


Attached is an updated NetLabel patch from June 13th (today) against the
lspp.35 sources.  As before it has been quickly tested on x86, x86_64,
targeted/enforcing, and mls/permissive although not all hw/policy
combinations have been tested.  If you wish to configure NetLabel to use
CIPSO please grab the June 13th release of netlabel_tools which can be
found here:

 * http://free.linux.hp.com/~pmoore/projects/linux_cipso

The big changes since the last posting on June 6th are:

 * Demonstrated interop between TSOL v 8 (big thanks to Ted)
 * Relabeling of sockets on accept()
 * The addition of the "pass through" CIPSO mapping
 * Better NetLabel netlink error reporting to userspace
 * Verified CIPSO option is recognized as immutable by AH
   (not yet tested)

The patch stats:

 CREDITS                                                   |    7
 Documentation/00-INDEX                                    |    2
 Documentation/netlabel/00-INDEX                           |   10
 Documentation/netlabel/cipso_ipv4.txt                     |   48
 Documentation/netlabel/draft-ietf-cipso-ipsecurity-01.txt |  791 ++++
 Documentation/netlabel/introduction.txt                   |   44
 Documentation/netlabel/lsm_interface.txt                  |   47
 include/linux/ip.h                                        |    1
 include/linux/netlink.h                                   |    1
 include/net/cipso_ipv4.h                                  |  159
 include/net/inet_sock.h                                   |    2
 include/net/netlabel.h                                    |  354 ++
 net/Kconfig                                               |    2
 net/Makefile                                              |    1
 net/ipv4/Makefile                                         |    1
 net/ipv4/ah4.c                                            |    2
 net/ipv4/cipso_ipv4.c                                     | 1749 ++++++
 net/ipv4/ip_options.c                                     |   19
 net/netlabel/Kconfig                                      |   47
 net/netlabel/Makefile                                     |   15
 net/netlabel/netlabel_cipso_v4.c                          |  580 +++
 net/netlabel/netlabel_cipso_v4.h                          |  201 +
 net/netlabel/netlabel_domainhash.c                        |  629 +++
 net/netlabel/netlabel_domainhash.h                        |   64
 net/netlabel/netlabel_kapi.c                              |  420 ++
 net/netlabel/netlabel_mgmt.c                              |  677 +++
 net/netlabel/netlabel_mgmt.h                              |  248 +
 net/netlabel/netlabel_unlabeled.c                         |  285 +
 net/netlabel/netlabel_unlabeled.h                         |   83
 net/netlabel/netlabel_user.c                              |  174
 net/netlabel/netlabel_user.h                              |   42
 security/selinux/hooks.c                                  |   81
 security/selinux/include/av_inherit.h                     |    1
 security/selinux/include/av_perm_to_string.h              |    2
 security/selinux/include/av_permissions.h                 |    1
 security/selinux/include/flask.h                          |    1
 security/selinux/include/security.h                       |    9
 security/selinux/nlmsgtab.c                               |  159
 security/selinux/ss/ebitmap.c                             |  155
 security/selinux/ss/ebitmap.h                             |    6
 security/selinux/ss/mls.c                                 |  160
 security/selinux/ss/mls.h                                 |   25
 security/selinux/ss/services.c                            |  415 ++
 security/selinux/xfrm.c                                   |   22
 44 files changed, 7652 insertions(+), 90 deletions(-)

I'll be posting a more "reviewer friendly" patchset in a week or so once
this has been out for a few days and I have had a chance to work on the
patch a bit more (discussed on Monday's concall).

-- 
paul moore
linux security @ hp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: netlabel_06132006.diff
Type: text/x-patch
Size: 256952 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20060613/603d9f2f/attachment.bin>

