[redhat-lspp] A quick HOW-TO on using the new CIPSO tag types

Paul Moore paul.moore at hp.com
Wed Nov 29 19:32:36 UTC 2006


Eric Paris wrote:
> On Wed, 2006-11-29 at 13:54 -0500, Paul Moore wrote:
> 
>>I just posted a set of patches to the netdev and SELinux mailing lists which add
>>two new CIPSO tag types from the IETF draft.  These two new types allow you to
>>transmit categories greater than 240.  See the draft for details:
>>
>> * http://sourceforge.net/docman/display_doc.php?docid=34650&group_id=174379
>>
>>For those of you who want to play with the patches you can do so with the
>>netlabel_tools you currently have; the only change is that instead of always
>>specifying "tags:1" when adding a CIPSO DOI definition you can now use tag types
>>"2" and "5", or a combination.  Examples below:
>  
> As of right now I do not foresee this going into RHEL5 GA and thus would
> not be part of the current LSPP certification.  It's possible that such
> a patch could make U1 but that would be too late for certification.  So
> I'm not sure how this howto is applicable to the LSPP effort underway.
> This howto will clearly be of interest when we do the RHEL6 lspp effort
> some day down the line.  If I'm misunderstanding what is needed to meet
> LSPP and this is somehow required please let me know so we can talk
> about what needs to be done.

I posted the how-to on the LSPP mailing list because this has become the place
where most MLS discussions take place, regardless of whether or not they are
related to the current LSPP efforts of RH, HP, IBM, etc.  I do not expect the
latest patches to be included in RHEL5; I submitted the patches and the how-to
because life goes on outside the evaluation ... and, well, it's more fun than
the other things I have to work on :)

In the future I can post these things elsewhere if it cuts down on the confusion?

-- 
paul moore
linux security @ hp



