From: Valdis Klētnieks
To: Suraj Upadhyay
Cc: casey@schauffer-ca.com, kernelnewbies@kernelnewbies.org
Subject: Re: Kernel Project : Implement network interface default labeling for Smack
Date: Tue, 28 Apr 2020 21:08:27 -0400
Message-ID: <325669.1588122507@turing-police>
In-Reply-To: <20200428141556.GA10906@blackclown>

On Tue, 28 Apr 2020 19:45:56 +0530, Suraj Upadhyay said:

> I saw a kernel project on kernelnewbies.org [1].
> Which goes like this :-
>
> > Implement network interface default labeling for Smack.
> >
> > Today all unlabeled networking traffic is treated with one
> > "ambient" Smack label. This project consists of taking advantage
> > of mechanisms already in the labeled networking code to allow
> > different labels to be assigned to packets based on the interface
> > upon which they appeared.
> >
> > Difficulty 5.
>
> I see that the project has not been done yet, as I cannot find any
> described implementation, correct me if I go wrong here.
>
> I really want this to be my first kernel project. I am a relative
> newcomer to the community, and I want to contribute in all my capacity.

Note that this is a lot harder to do correctly than it looks.

For starters, it's not entirely obvious that "label according to interface"
is the best semantic. A better one is probably "based on packet origin" -
which gets interesting now that Wireguard has landed in the kernel. VLANs
need to be considered, and you *definitely* want to re-use the
CONFIG_NETWORK_SECMARK code that AppArmor and SELinux use for network
packets. Also, supporting CIPSO would be pretty much mandatory...

And looking at Documentation/admin-guide/LSM/Smack.rst, it appears that
SMACK is a lot more label-aware than the project description indicates.

In any case, I'm quite sure that Casey will agree with me that "Here There Be Dragons". :)