|Main Archive Page > Month Archives > selinux archives|
This is an update to the patcheset sent earlier this week and the first time these patches have been sent to the LSM list. The most notable change between this patchset and the "v5" patches is the addition of the fallback/static label patches that were discussed on the SELinux list a few months ago. In addition to just porting the old fallback/static patches I've added the concept of a "default" interface as well as some intelligence in the SELinux layer to allow the NetLabel provided fallback label to play nicely with XFRM labels when both are present on a connection. This should help address issues found in the earlier versions of the fallback/static label patches. This patchset does not include Venkat's flow control patches, but Venkat has promised that they will be ready very soon; when they are I will merge them into this patchset. On a similar note, the new "peer" SELinux object class in this patchset isn't usable with currently released SELinux policies so you'll still be using the separate, labeling protocol specific, access checks.
I have to caution against using these patches for anything critical as they are still a "work in progress" and have only received minimal testing. However, I know there are a few of you who are very interested in this functionality and have offered to help with the testing so I'm posting the patches in this early state so we can get a jump shaking the bugs out. For those of you who are playing with these patches, there are a few things worth noting:
To configure the new fallback/static labels you use the following netlabelctl commands:
If you have any questions/problems/comments feel free to either drop me mail privately or post something to the list.
Thanks. -- paul moore linux security @ hp - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to firstname.lastname@example.org More majordomo info at http://vger.kernel.org/majordomo-info.html