From: Xiaolan Zhang [EMAIL PROTECTED]
Date: Tue, 6 Jun 2006 10:55:58 -0400
Singned-off-by: Catherine Zhang [EMAIL PROTECTED]
James, is this enough or do I need to modify the original patch to add the
above line? The code was taken from various pieces of patches originally
from Trent and
From: David Miller [EMAIL PROTECTED]
Date: Thu, 08 Jun 2006 23:40:03 -0700 (PDT)
From: Xiaolan Zhang [EMAIL PROTECTED]
Date: Tue, 6 Jun 2006 10:55:58 -0400
Singned-off-by: Catherine Zhang [EMAIL PROTECTED]
James, is this enough or do I need to modify the original patch to add the
Singned-off-by: Catherine Zhang [EMAIL PROTECTED]
James, is this enough or do I need to modify the original patch to add the
above line? The code was taken from various pieces of patches originally
from Trent and merged/modified by me. Let me know what else I need to do.
thanks,
Catherine
Hi,
This is resubmit of the LSM-IPsec fix patch rebased against
Linux version 2.6.17-rc4-mm3.
As always, comments are welcome!
Catherine
---
This patch contains a fix for the previous patch that adds security
contexts to IPsec policies and security associations. In the previous
patch, no
On Mon, 5 Jun 2006, Catherine Zhang wrote:
Looks ok to me, except for one minor nit:
+ if (ctx) {
+ rc = avc_has_perm(tsec-sid, ctx-ctx_sid,
+ SECCLASS_ASSOCIATION,
+ ASSOCIATION__SETCONTEXT, NULL);
+ }
you don't need the braces here (similar
Hi,
Minor fix per James' comment.
thanks,
Catherine
--
This patch contains a fix for the previous patch that adds security
contexts to IPsec policies and security associations. In the previous
patch, no authorization (besides the check for write permissions to
SAD and SPD) is required to
On Tue, 6 Jun 2006, Catherine Zhang wrote:
Minor fix per James' comment.
Acked-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at
On Tue, 6 Jun 2006, Catherine Zhang wrote:
Minor fix per James' comment.
Can you also add a Signed-off-by line?
I can't recall if you were the original author. If not, we also need a
From line (per Documentation/SubmittingPatches).
Thanks,
--
James Morris
[EMAIL PROTECTED]
-
To
From: James Morris [EMAIL PROTECTED]
Date: Tue, 6 Jun 2006 01:37:04 -0400 (EDT)
On Tue, 6 Jun 2006, Catherine Zhang wrote:
Minor fix per James' comment.
Can you also add a Signed-off-by line?
I can't recall if you were the original author. If not, we also need a
From line (per
From: Trent Jaeger [EMAIL PROTECTED]
Date: Mon, 16 Jan 2006 21:54:13 -0500
We want to limit the modification of security contexts only to the
minimal set of programs (e.g., setkey and racoon). SELinux generally
restricts root programs to least privilege rights, such that a root
program
Minor fixes, per James' comment.
thanks,
Catherine
This patch contains a fix for the previous patch that adds security
contexts to IPsec policies and security associations. In the previous
patch, no authorization (besides the check for write permissions to
SAD and SPD) is required to
This patch contains a fix for the previous patch that adds security
contexts to IPsec policies and security associations. In the previous
patch, no authorization (besides the check for write permissions to
SAD and SPD) is required to delete IPsec policies and security
assocations with security
On Mon, Jan 16, 2006 at 06:10:53PM -0500, cxzhang wrote:
This patch contains a fix for the previous patch that adds security
contexts to IPsec policies and security associations. In the previous
patch, no authorization (besides the check for write permissions to
SAD and SPD) is required to
On Mon, 16 Jan 2006, cxzhang wrote:
+++ linux-2.6.15-mm3-cxzhang/net/key/af_key.c2006-01-13 18:41:02.0
-0500
@@ -1454,6 +1454,9 @@ static int pfkey_delete(struct sock *sk,
if (x == NULL)
return -ESRCH;
+if ((err = security_xfrm_state_delete(x)))
+
Hi,
After discussion with Stephen Smalley and James Morris, we decided to
change the SELinux authorization from relabel to testing for a security
operation (set_ipsec). That is, a process must have the authority to
set IPsec security contexts in order to create or delete IPsec policy
or SA
15 matches
Mail list logo