From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mummy.ncsc.mil (mummy.ncsc.mil [144.51.88.129]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id m833mAc1003924 for ; Tue, 2 Sep 2008 23:48:11 -0400 Received: from smtp108.prem.mail.sp1.yahoo.com (jazzhorn.ncsc.mil [144.51.5.9]) by mummy.ncsc.mil (8.12.10/8.12.10) with SMTP id m833mAXu020397 for ; Wed, 3 Sep 2008 03:48:10 GMT Message-ID: <48BE08F4.3040604@schaufler-ca.com> Date: Tue, 02 Sep 2008 20:48:04 -0700 From: Casey Schaufler MIME-Version: 1.0 To: Paul Moore CC: selinux@tycho.nsa.gov, netdev@vger.kernel.org, linux-security-module@vger.kernel.org Subject: Re: [RFC PATCH v4 00/14] Labeled networking patches for 2.6.28 References: <20080903003647.15669.45349.stgit@flek.lan> In-Reply-To: <20080903003647.15669.45349.stgit@flek.lan> Content-Type: text/plain; charset=UTF-8; format=flowed Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov Paul Moore wrote: > Another updated spin of the labeled networking patches for 2.6.28. No new > functionality this time around just some bug fixes, including a particularly > fun one to correct the way we determine if a packet is locally generated or > the result of forwarded traffic. The previous solution, check to see if > (skb->sk == NULL), did not work in all cases (hint: can be triggered by > certain igmp packets which can be generated by the avahi-daemon, note: the > avahi-daemon appears to be the source of some interesting corner cases). > > Since I'm reasonable certain there are no really nasty regressions, I've added sign-offs to all the patches now. I expect there will probably be another > spin or two to take care of bugs yet to be found and fix other various things > that pop-up (maybe even the Smack stuff if I can find the time) I'm pulling the git right now, much to the annoyance of one particular skype user. Snicker. I've only been able to fiddle around, we'll see how far I get. > but the > patches are in reasonably good shape right now. I also did a test > merge/compile with the September 2nd linux-next tree and there were no nasty > surprises so I'm also pushing these patches to my lblnet-2.6_next tree which > means you should see them in tomorrow's linux-next tree if all goes well. > > Any feedback, comments, or testing is appreciated. As usual, the patches can > also be found here: > > * git://git.infradead.org/users/pcmoore/lblnet-2.6_testing > > Thanks. > Thank you, you're the one doing the work. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 From: Casey Schaufler Subject: Re: [RFC PATCH v4 00/14] Labeled networking patches for 2.6.28 Date: Tue, 02 Sep 2008 20:48:04 -0700 Message-ID: <48BE08F4.3040604@schaufler-ca.com> References: <20080903003647.15669.45349.stgit@flek.lan> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: selinux@tycho.nsa.gov, netdev@vger.kernel.org, linux-security-module@vger.kernel.org To: Paul Moore Return-path: In-Reply-To: <20080903003647.15669.45349.stgit@flek.lan> Sender: linux-security-module-owner@vger.kernel.org List-Id: netdev.vger.kernel.org Paul Moore wrote: > Another updated spin of the labeled networking patches for 2.6.28. No new > functionality this time around just some bug fixes, including a particularly > fun one to correct the way we determine if a packet is locally generated or > the result of forwarded traffic. The previous solution, check to see if > (skb->sk == NULL), did not work in all cases (hint: can be triggered by > certain igmp packets which can be generated by the avahi-daemon, note: the > avahi-daemon appears to be the source of some interesting corner cases). > > Since I'm reasonable certain there are no really nasty regressions, I've added sign-offs to all the patches now. I expect there will probably be another > spin or two to take care of bugs yet to be found and fix other various things > that pop-up (maybe even the Smack stuff if I can find the time) I'm pulling the git right now, much to the annoyance of one particular skype user. Snicker. I've only been able to fiddle around, we'll see how far I get. > but the > patches are in reasonably good shape right now. I also did a test > merge/compile with the September 2nd linux-next tree and there were no nasty > surprises so I'm also pushing these patches to my lblnet-2.6_next tree which > means you should see them in tomorrow's linux-next tree if all goes well. > > Any feedback, comments, or testing is appreciated. As usual, the patches can > also be found here: > > * git://git.infradead.org/users/pcmoore/lblnet-2.6_testing > > Thanks. > Thank you, you're the one doing the work.