From: Paul Moore <paul.moore@hp.com>
To: James Morris <jmorris@namei.org>
Cc: David Miller <davem@davemloft.net>,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
netdev@vger.kernel.org, casey@schaufler-ca.com,
etienne.basset@numericable.fr
Subject: Re: [PATCH 0/6] Labeled networking patches for 2.6.30
Date: Sat, 28 Mar 2009 08:01:47 -0400 [thread overview]
Message-ID: <200903280801.48329.paul.moore@hp.com> (raw)
In-Reply-To: <alpine.LRH.2.00.0903281158010.21619@tundra.namei.org>
On Friday 27 March 2009 08:58:52 pm James Morris wrote:
> On Fri, 27 Mar 2009, David Miller wrote:
> > From: Paul Moore <paul.moore@hp.com>
> > Date: Fri, 27 Mar 2009 17:10:20 -0400
> >
> > > This patchset wraps up all the new labeled networking bits for 2.6.30.
> > > This is mostly a fixup/cleanup release with the main focus being to
> > > correct the TCP labeling of both SELinux and Smack; expect some of this
> > > to get backported to the -stable trees but there will need to be a bit
> > > of rework first so it may take a few weeks for that to happen. Other
> > > than the TCP issue there is a new Smack feature to configure CIPSO
> > > aware hosts in "/smack/netlabel" which should make the host/network
> > > label configuration much more flexible. The last change is to get rid
> > > of the security_socket_post_accept() hook which isn't currently being
> > > used by anything in-tree and seems to act as a magnet for bad ideas; if
> > > things change we can always add it back later.
> >
> > Is James Morris going to take this stuff? Just curious...
>
> I will unless you specifically want it.
Since James had pulled the labeled networking patches the past few times I
figured he would do the same this time around. I was posting these to netdev
more as an FYI since there were some core networking changes, although they
were pretty minor and previously ACKd.
> Paul: it's probably a good idea to have this in my tree before the merge
> window opens.
Okay, I'll make sure you have the lblnet-2.6_next stuff before the merge
window opens in the future. Regardless, thanks for pulling in the patches.
--
paul moore
linux @ hp
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
WARNING: multiple messages have this Message-ID (diff)
From: Paul Moore <paul.moore@hp.com>
To: James Morris <jmorris@namei.org>
Cc: David Miller <davem@davemloft.net>,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
netdev@vger.kernel.org, casey@schaufler-ca.com,
etienne.basset@numericable.fr
Subject: Re: [PATCH 0/6] Labeled networking patches for 2.6.30
Date: Sat, 28 Mar 2009 08:01:47 -0400 [thread overview]
Message-ID: <200903280801.48329.paul.moore@hp.com> (raw)
In-Reply-To: <alpine.LRH.2.00.0903281158010.21619@tundra.namei.org>
On Friday 27 March 2009 08:58:52 pm James Morris wrote:
> On Fri, 27 Mar 2009, David Miller wrote:
> > From: Paul Moore <paul.moore@hp.com>
> > Date: Fri, 27 Mar 2009 17:10:20 -0400
> >
> > > This patchset wraps up all the new labeled networking bits for 2.6.30.
> > > This is mostly a fixup/cleanup release with the main focus being to
> > > correct the TCP labeling of both SELinux and Smack; expect some of this
> > > to get backported to the -stable trees but there will need to be a bit
> > > of rework first so it may take a few weeks for that to happen. Other
> > > than the TCP issue there is a new Smack feature to configure CIPSO
> > > aware hosts in "/smack/netlabel" which should make the host/network
> > > label configuration much more flexible. The last change is to get rid
> > > of the security_socket_post_accept() hook which isn't currently being
> > > used by anything in-tree and seems to act as a magnet for bad ideas; if
> > > things change we can always add it back later.
> >
> > Is James Morris going to take this stuff? Just curious...
>
> I will unless you specifically want it.
Since James had pulled the labeled networking patches the past few times I
figured he would do the same this time around. I was posting these to netdev
more as an FYI since there were some core networking changes, although they
were pretty minor and previously ACKd.
> Paul: it's probably a good idea to have this in my tree before the merge
> window opens.
Okay, I'll make sure you have the lblnet-2.6_next stuff before the merge
window opens in the future. Regardless, thanks for pulling in the patches.
--
paul moore
linux @ hp
next prev parent reply other threads:[~2009-03-28 12:03 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-27 21:10 [PATCH 0/6] Labeled networking patches for 2.6.30 Paul Moore
2009-03-27 21:10 ` Paul Moore
2009-03-27 21:10 ` [PATCH 1/6] lsm: Relocate the IPv4 security_inet_conn_request() hooks Paul Moore
2009-03-27 21:10 ` Paul Moore
2009-03-27 21:10 ` [PATCH 2/6] netlabel: Label incoming TCP connections correctly in SELinux Paul Moore
2009-03-27 21:10 ` Paul Moore
2009-03-28 3:03 ` Casey Schaufler
2009-03-28 3:03 ` Casey Schaufler
2009-03-27 21:10 ` [PATCH 3/6] selinux: Remove the "compat_net" compatibility code Paul Moore
2009-03-27 21:10 ` Paul Moore
2009-03-27 21:10 ` [PATCH 4/6] lsm: Remove the socket_post_accept() hook Paul Moore
2009-03-27 21:10 ` Paul Moore
2009-03-27 21:10 ` [PATCH 5/6] netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections Paul Moore
2009-03-27 21:10 ` Paul Moore
2009-03-28 3:04 ` Casey Schaufler
2009-03-28 3:04 ` Casey Schaufler
2009-03-27 21:11 ` [PATCH 6/6] smack: Add a new '-CIPSO' option to the network address label configuration Paul Moore
2009-03-27 21:11 ` Paul Moore
2009-03-28 3:05 ` Casey Schaufler
2009-03-28 3:05 ` Casey Schaufler
2009-03-27 21:58 ` [PATCH 0/6] Labeled networking patches for 2.6.30 David Miller
2009-03-28 0:58 ` James Morris
2009-03-28 0:58 ` James Morris
2009-03-28 1:08 ` David Miller
2009-03-28 12:01 ` Paul Moore [this message]
2009-03-28 12:01 ` Paul Moore
2009-03-28 5:16 ` James Morris
2009-03-28 5:16 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200903280801.48329.paul.moore@hp.com \
--to=paul.moore@hp.com \
--cc=casey@schaufler-ca.com \
--cc=davem@davemloft.net \
--cc=etienne.basset@numericable.fr \
--cc=jmorris@namei.org \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.