Re: [RFC PATCH v3 00/13] Labeled networking patches for 2.6.28
On Aug 21, 2008, at 4:25 PM, Paul Moore wrote:
Another update to the labeled networking patches for 2.6.28. This revision adds some small fixes, the dead-code removal patch posted earlier, and the big addition ... wait for it ... full LSM label/context support for local connections. This is accomplished by creating a new, private CIPSO tag type (allowed by the spec with a tag number > 127) which carries the LSM's secid value, allowing full LSM contexts to be carried across local connections without the headaches of labeled IPsec. For those of you interested in testing this out, you will need the latest from the netlabel_tools addrsel branch, revision 74 or higher should work. If you enable the new local labeling you will almost certainly need to run SELinux in permissive mode since I'm fairly certain the current policies don't have the necessary allow rules. With that said, enabling the new local labeling is pretty easy ...
Paul created a 2.6.26 patch which I've been testing with excellent results in Fedora 9. Local (lo and ethN) labeled networking is more reliable than the IPSec equivalent and does not have the IPSec SA creation latency. I'll push this to a larger set of developers and testers next week and report any issues.
joe