From: Paul Moore <paul.moore@hp.com>
To: James Morris <jmorris@namei.org>
Cc: netdev@vger.kernel.org, selinux@tycho.nsa.gov
Subject: Re: [PATCH 0/2] A bugfix patchset for NetLabel
Date: Mon, 18 Dec 2006 11:24:37 -0500 [thread overview]
Message-ID: <4586C0C5.4010502@hp.com> (raw)
In-Reply-To: <XMMS.LNX.4.64.0612151840370.26929@d.namei>
James Morris wrote:
> On Fri, 15 Dec 2006, paul.moore@hp.com wrote:
>
>>This patch set fixes two bugs that were found recently when adding new CIPSOv4
>>DOI definitions. These patches are pretty small and have been tested by a few
>>different people on several different platforms.
>
> Applied to git://git.infradead.org/~jmorris/selinux-2.6#fixes
Thanks.
>>Please apply these for 2.6.20 and they should probably be pushed to the 2.6.19
>>stable tree as well; is there anything special I need to do for that?
>
> I'm not sure that they qualify.
>
> The first is a privileged operation, right?
Yes it is, you need CAP_NET_ADMIN. I guess this probably isn't that important
for 2.6.19 then ...
> For the second, what are the implications of mapping to zero?
>
> Also review Documentation/stable_kernel_rules.txt.
[Thanks for the pointer, didn't know that file was there]
... however, I still think this might qualify for the 2.6.19 stable kernel.
When a MLS sensitivity level or category maps to zero then whenever the NetLabel
subsystem is called to resolve the security attributes of a packet it will, in
certain configurations, return security attributes/contexts which are incorrect.
Please let me know if you think that has merit for the stable tree and I'll send
the patch to the stable mailing list.
--
paul moore
linux security @ hp
prev parent reply other threads:[~2006-12-18 16:24 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-12-15 21:49 [PATCH 0/2] A bugfix patchset for NetLabel paul.moore
2006-12-15 21:49 ` [PATCH 1/2] NetLabel: perform input validation earlier on CIPSOv4 DOI add ops paul.moore
2006-12-15 21:49 ` [PATCH 2/2] NetLabel: correctly fill in unused CIPSOv4 level and category mappings paul.moore
2006-12-16 1:19 ` [PATCH 0/2] A bugfix patchset for NetLabel James Morris
2006-12-18 1:14 ` David Miller
2006-12-18 16:24 ` Paul Moore [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4586C0C5.4010502@hp.com \
--to=paul.moore@hp.com \
--cc=jmorris@namei.org \
--cc=netdev@vger.kernel.org \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).