[redhat-lspp] Re: [RFC][PATCH] NetLabel/CIPSO prototype patch (#2)
Paul Moore
paul.moore at hp.com
Thu May 4 14:45:05 UTC 2006
Herbert Xu wrote:
> On Wed, May 03, 2006 at 03:53:56PM -0400, Paul Moore wrote:
>>diff -purN kernel-2.6.16/net/ipv4/Makefile kernel-2.6.16-cipso_05032006/net/ipv4/Makefile
>>--- kernel-2.6.16/net/ipv4/Makefile 2006-05-02 10:40:25.000000000 -0400
>>+++ kernel-2.6.16-cipso_05032006/net/ipv4/Makefile 2006-05-02 11:25:35.000000000 -0400
>>@@ -9,7 +9,8 @@ obj-y := route.o inetpeer.o protocol
>> tcp.o tcp_input.o tcp_output.o tcp_timer.o tcp_ipv4.o \
>> tcp_minisocks.o tcp_cong.o \
>> datagram.o raw.o udp.o arp.o icmp.o devinet.o af_inet.o igmp.o \
>>- sysctl_net_ipv4.o fib_frontend.o fib_semantics.o
>>+ sysctl_net_ipv4.o fib_frontend.o fib_semantics.o \
>>+ cipso_ipv4.o
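
Review bot: cipso_ipv4.o is appended to the unconditional obj-y list in the last added line, so the CIPSO code is compiled into every kernel that builds net/ipv4, with no way to leave it out. Put it on its own line keyed on a new Kconfig option, in the form obj-$(CONFIG_<option>) += cipso_ipv4.o (option name still to be chosen), and add the matching Kconfig entry, which this hunk does not include.
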
>
> Please make the inclusion of cipso_ipv4.o optional.
>
Sorry, that is the plan. I mentioned it in the first draft but not the
draft I posted yesterday; so far I have largely ignored the Makefiles
and Kconfig stuff to focus on other things. The next draft will have
proper Makefiles and Kconfig bits.

While I am thinking about it, here are some of the larger things on my
NetLabel TODO list in case anyone is interested (in particular order):

* Improved user land configuration tools
* Make sure that the AH transform treats the CIPSO option as immutable
* Finish my patch for Ethereal (I have a version I haven't released
  yet)
* Verify interoperability with other trusted OSes
* Add support for single level networks/hosts
* Check all the GFP_ATOMIC/GFP_KERNEL flags for k?alloc()
* Add support for the PEERSEC socket option
* Protect against user calls to setsockopt()
* Fix the Makefiles/Kconfig bits
* Check all of the #includes

Comments are welcome ...
--
paul moore
linux security @ hp