From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mummy.ncsc.mil (mummy.ncsc.mil [144.51.88.129]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id m830mjuL014772 for ; Tue, 2 Sep 2008 20:48:45 -0400 Received: from g4t0017.houston.hp.com (jazzhorn.ncsc.mil [144.51.5.9]) by mummy.ncsc.mil (8.12.10/8.12.10) with ESMTP id m830mjXu015753 for ; Wed, 3 Sep 2008 00:48:45 GMT From: Paul Moore Subject: [RFC PATCH v4 00/14] Labeled networking patches for 2.6.28 To: selinux@tycho.nsa.gov, netdev@vger.kernel.org, linux-security-module@vger.kernel.org Date: Tue, 02 Sep 2008 20:48:41 -0400 Message-ID: <20080903003647.15669.45349.stgit@flek.lan> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov Another updated spin of the labeled networking patches for 2.6.28. No new functionality this time around just some bug fixes, including a particularly fun one to correct the way we determine if a packet is locally generated or the result of forwarded traffic. The previous solution, check to see if (skb->sk == NULL), did not work in all cases (hint: can be triggered by certain igmp packets which can be generated by the avahi-daemon, note: the avahi-daemon appears to be the source of some interesting corner cases). Since I'm reasonable certain there are no really nasty regressions, I've added sign-offs to all the patches now. I expect there will probably be another spin or two to take care of bugs yet to be found and fix other various things that pop-up (maybe even the Smack stuff if I can find the time) but the patches are in reasonably good shape right now. I also did a test merge/compile with the September 2nd linux-next tree and there were no nasty surprises so I'm also pushing these patches to my lblnet-2.6_next tree which means you should see them in tomorrow's linux-next tree if all goes well. Any feedback, comments, or testing is appreciated. As usual, the patches can also be found here: * git://git.infradead.org/users/pcmoore/lblnet-2.6_testing Thanks. -- paul moore linux @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 From: Paul Moore Subject: [RFC PATCH v4 00/14] Labeled networking patches for 2.6.28 Date: Tue, 02 Sep 2008 20:48:41 -0400 Message-ID: <20080903003647.15669.45349.stgit@flek.lan> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: selinux@tycho.nsa.gov, netdev@vger.kernel.org, linux-security-module@vger.kernel.org Return-path: Received: from g4t0017.houston.hp.com ([15.201.24.20]:24040 "EHLO g4t0017.houston.hp.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752718AbYICAsp (ORCPT ); Tue, 2 Sep 2008 20:48:45 -0400 Sender: netdev-owner@vger.kernel.org List-ID: Another updated spin of the labeled networking patches for 2.6.28. No new functionality this time around just some bug fixes, including a particularly fun one to correct the way we determine if a packet is locally generated or the result of forwarded traffic. The previous solution, check to see if (skb->sk == NULL), did not work in all cases (hint: can be triggered by certain igmp packets which can be generated by the avahi-daemon, note: the avahi-daemon appears to be the source of some interesting corner cases). Since I'm reasonable certain there are no really nasty regressions, I've added sign-offs to all the patches now. I expect there will probably be another spin or two to take care of bugs yet to be found and fix other various things that pop-up (maybe even the Smack stuff if I can find the time) but the patches are in reasonably good shape right now. I also did a test merge/compile with the September 2nd linux-next tree and there were no nasty surprises so I'm also pushing these patches to my lblnet-2.6_next tree which means you should see them in tomorrow's linux-next tree if all goes well. Any feedback, comments, or testing is appreciated. As usual, the patches can also be found here: * git://git.infradead.org/users/pcmoore/lblnet-2.6_testing Thanks. -- paul moore linux @ hp