On Tue, May 16, 2006 at 12:44:39PM -0400, Stephen Smalley wrote: > On Mon, 2006-05-15 at 19:29 -0500, George C. Wilson wrote: > > Please find the latest development status attached. Tasks marked 100% are > > complete. I'll start pulling them either into a separate list, or filtering > > them out entirely, depending on what the community prefers. > > Hi, > > I see that the keyring task has been assigned to Dan and is allegedly > 90% complete? What does that mean, precisely? No one has implemented > SELinux hook functions and permission checks for the LSM keyring hooks > yet AFAIK. Is that something that we still need? > > -- > Stephen Smalley > National Security Agency >
Yes, you're right. David Howells' keyring hooks went in. The LSMs need to be updated to implement those hooks. I was under the impression that work was done. But it wasn't. The ultimate answer is that somebody needs to do that for SELinux, which I'd like to think should be a fairly small task. But I thought we had a way to restrict keyring operations to admins w/DAC for the evaluated configuration, which is why it is marked 90%. If not, we have hooks to implement. There would be no policy for them in the evaluated configuration. Most all the items started out with either Steve Grubb or my name as the default owner. In the Jan. 24 requirements, the ownership of the keyring item changed to Dan. Either Dan must have expressed interest in it, or Dan or Steve explicitly asked me to assign it. -- George Wilson <[EMAIL PROTECTED]> IBM Linux Technology Center -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
