[PATCH 0/3] secid reconciliation-v01: Repost patchset with updates

[PATCH 0/3] secid reconciliation-v01: Repost patchset with updates

[Venkat Yekkirala]

The following are the changes included in this patchset since the previous post:

- Use SELinux transition rules instead of precedence when reconciling the secid's
  making it flexible/policy-driven; xfrm secid would prevail by default.
- Change the naming of access vector perms to flow_in and flow_out.
- Make selinux_xfrm_sock_rcv_skb checks conditional on compat_net.
- Switch selinux_inet_conn_request to use secmark; cipso is still allowed to
  override secmark currently in this regard (will rely on Paul Moore at HP
  to bring cipso into the reconciliation path).

This patchset is relative to David Miller's net-2.6.19.git.

Please consider for inclusion in 2.6.19.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[PATCH 0/3] secid reconciliation-v01: Repost patchset with updates

[Venkat Yekkirala]

The following are the changes included in this patchset since the previous post:

- Use SELinux transition rules instead of precedence when reconciling the secid's
  making it flexible/policy-driven; xfrm secid would prevail by default.
- Change the naming of access vector perms to flow_in and flow_out.
- Make selinux_xfrm_sock_rcv_skb checks conditional on compat_net.
- Switch selinux_inet_conn_request to use secmark; cipso is still allowed to
  override secmark currently in this regard (will rely on Paul Moore at HP
  to bring cipso into the reconciliation path).

This patchset is relative to David Miller's net-2.6.19.git.

Please consider for inclusion in 2.6.19.

Re: [PATCH 0/3] secid reconciliation-v01: Repost patchset with updates

[James Morris]

On Thu, 24 Aug 2006, Venkat Yekkirala wrote:

> The following are the changes included in this patchset since the previous
> post:
> 
> - Use SELinux transition rules instead of precedence when reconciling the
> secid's
>  making it flexible/policy-driven; xfrm secid would prevail by default.
> - Change the naming of access vector perms to flow_in and flow_out.
> - Make selinux_xfrm_sock_rcv_skb checks conditional on compat_net.
> - Switch selinux_inet_conn_request to use secmark; cipso is still allowed to
>  override secmark currently in this regard (will rely on Paul Moore at HP
>  to bring cipso into the reconciliation path).

I like these changes, but wondering why you haven't supplied code for the 
outbound case ?


- James
-- 
James Morris
<jmorris@namei.org>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH 0/3] secid reconciliation-v01: Repost patchset with updates

[James Morris]

On Thu, 24 Aug 2006, Venkat Yekkirala wrote:

> The following are the changes included in this patchset since the previous
> post:
> 
> - Use SELinux transition rules instead of precedence when reconciling the
> secid's
>  making it flexible/policy-driven; xfrm secid would prevail by default.
> - Change the naming of access vector perms to flow_in and flow_out.
> - Make selinux_xfrm_sock_rcv_skb checks conditional on compat_net.
> - Switch selinux_inet_conn_request to use secmark; cipso is still allowed to
>  override secmark currently in this regard (will rely on Paul Moore at HP
>  to bring cipso into the reconciliation path).

I like these changes, but wondering why you haven't supplied code for the 
outbound case ?


- James
-- 
James Morris
<jmorris@namei.org>