Re: [RFC][PATCH] selinux: support distinctions among all network address families

2016-12-09 Thread Paul Moore
On Fri, Dec 9, 2016 at 8:47 AM, Stephen Smalley wrote: > On 12/06/2016 10:04 AM, Stephen Smalley wrote: >> On 12/06/2016 09:10 AM, Richard Haines wrote: >>> Not sure if helpful but I plan to submit the SCTP patch next week after >>> testing on Fedora 25 with kernel 4.8.11. >>

Re: [RFC][PATCH] selinux: support distinctions among all network address families

2016-12-09 Thread Stephen Smalley
On 12/06/2016 10:04 AM, Stephen Smalley wrote: > On 12/06/2016 09:10 AM, Richard Haines wrote: >> On Mon, 2016-12-05 at 17:54 -0500, Paul Moore wrote: >>> On Mon, Dec 5, 2016 at 9:11 AM, Stephen Smalley >>> wrote: On 12/02/2016 05:39 PM, Paul Moore wrote: > On Fri,

Re: [RFC][PATCH] selinux: support distinctions among all network address families

2016-12-06 Thread Paul Moore
On Tue, Dec 6, 2016 at 9:10 AM, Richard Haines wrote: > On Mon, 2016-12-05 at 17:54 -0500, Paul Moore wrote: >> On Mon, Dec 5, 2016 at 9:11 AM, Stephen Smalley >> wrote: >> > On 12/02/2016 05:39 PM, Paul Moore wrote: >> > > On Fri, Dec 2, 2016

Re: [RFC][PATCH] selinux: support distinctions among all network address families

2016-12-01 Thread Stephen Smalley
On 12/01/2016 01:03 PM, Stephen Smalley wrote: > On 12/01/2016 12:28 PM, Guido Trentalancia wrote: >> Hello again Stephen and Paul. >> >> On Thu, 01/12/2016 at 10.57 -0500, Stephen Smalley wrote: >>> On 12/01/2016 10:07 AM, Stephen Smalley wrote: >> >> [...] >> >>> A couple of notes on this

Re: [RFC][PATCH] selinux: support distinctions among all network address families

2016-12-01 Thread Stephen Smalley
On 12/01/2016 12:28 PM, Guido Trentalancia wrote: > Hello again Stephen and Paul. > > On Thu, 01/12/2016 at 10.57 -0500, Stephen Smalley wrote: >> On 12/01/2016 10:07 AM, Stephen Smalley wrote: > > [...] > >> A couple of notes on this change: >> >> - To fully test (beyond just confirming that

Re: [RFC][PATCH] selinux: support distinctions among all network address families

2016-12-01 Thread Guido Trentalancia
Hello Stephen. Glad to hear that this is making its way into the kernel! On Thu, 01/12/2016 at 10.07 -0500, Stephen Smalley wrote: > Extend SELinux to support distinctions among all network address > families > implemented by the kernel by defining new socket security classes > and mapping to

Re: [RFC][PATCH] selinux: support distinctions among all network address families

2016-12-01 Thread Stephen Smalley
On 12/01/2016 10:57 AM, Stephen Smalley wrote: > On 12/01/2016 10:07 AM, Stephen Smalley wrote: >> Extend SELinux to support distinctions among all network address families >> implemented by the kernel by defining new socket security classes >> and mapping to them. Otherwise, many sockets are

Re: [RFC][PATCH] selinux: support distinctions among all network address families

2016-12-01 Thread Stephen Smalley
On 12/01/2016 10:07 AM, Stephen Smalley wrote: > Extend SELinux to support distinctions among all network address families > implemented by the kernel by defining new socket security classes > and mapping to them. Otherwise, many sockets are mapped to the generic > socket class and are

[RFC][PATCH] selinux: support distinctions among all network address families

2016-12-01 Thread Stephen Smalley
Extend SELinux to support distinctions among all network address families implemented by the kernel by defining new socket security classes and mapping to them. Otherwise, many sockets are mapped to the generic socket class and are indistinguishable in policy. This has come up previously with