Herbert Xu wrote:
On Wed, May 03, 2006 at 03:53:56PM -0400, Paul Moore wrote:diff -purN kernel-2.6.16/net/ipv4/Makefile kernel-2.6.16-cipso_05032006/net/ipv4/Makefile --- kernel-2.6.16/net/ipv4/Makefile 2006-05-02 10:40:25.000000000 -0400 +++ kernel-2.6.16-cipso_05032006/net/ipv4/Makefile 2006-05-02 11:25:35.000000000 -0400 @@ -9,7 +9,8 @@ obj-y := route.o inetpeer.o protocol tcp.o tcp_input.o tcp_output.o tcp_timer.o tcp_ipv4.o \ tcp_minisocks.o tcp_cong.o \ datagram.o raw.o udp.o arp.o icmp.o devinet.o af_inet.o igmp.o \ - sysctl_net_ipv4.o fib_frontend.o fib_semantics.o + sysctl_net_ipv4.o fib_frontend.o fib_semantics.o \ + cipso_ipv4.oPlease make the inclusion of cipso_ipv4.o optional.
Sorry, that is the plan. I mentioned it in the first draft but not the draft I posted yesterday; so far I have largely ignored the Makefiles and Kconfig stuff to focus on other things. The next draft will have proper Makefiles and Kconfig bits.
While I am thinking about it, here are some of the larger things on my NetLabel TODO list in case anyone is interested (in particular order):
* Improved user land configuration tools * Make sure that the AH transform treats the CIPSO option as immutable * Finish my patch for Ethereal (I have a version I haven't released yet) * Verify interoperability with other trusted OSes * Add support for single level networks/hosts * Check all the GFP_ATOMIC/GFP_KERNEL flags for k?alloc() * Add support for the PEERSEC socket option * Protect against user calls to setsockopt() * Fix the Makefiles/Kconfig bits * Check all of the #includes Comments are welcome ... -- paul moore linux security @ hp -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
