Another updated NetLabel patchset. The big changes this time include a rework of the SELinux hooks based on some comments from Stephen and some minor tweaking of the netlink message formats so that each "field" is now aligned, similar to the netlink attributes. FWIW, I looked at using the netlink attributes themselves, but it didn't seem to offer any real advantage over the current system, so I decided to just better align the current "fields".

As far as the kernel patch goes there are really only two things left on my ToDo list:

 * Unlabeled packet check (right now we fall through to the xfrm check)
 * Protection against setsockopt()

Both of these seem to be dependent on the outcome of RH BZ #195238 as these both would require policy additions so we need a way to en/disable these new features. The second item, greater setsockopt() granularity, could be considered optional and done at a later date. The first item is a bit more important but if pressed I imagine we could defer that as well; it is just a little strange without it.

Due to the change in the netlink message format you will need to grab a new copy of netlabel_tools, version 0.15. The tarball can be found here:

 * http://free.linux.hp.com/~pmoore/projects/linux_cipso

--
paul moore
linux security @ hp

--
redhat-lspp mailing list
https://www.redhat.com/mailman/listinfo/redhat-lspp
