George C. Wilson wrote:
On Tue, May 16, 2006 at 12:44:39PM -0400, Stephen Smalley wrote:
On Mon, 2006-05-15 at 19:29 -0500, George C. Wilson wrote:
Please find the latest development status attached. Tasks marked 100% are
complete. I'll start pulling them either into a separate list, or filtering
them out entirely, depending on what the community prefers.
Hi,
I see that the keyring task has been assigned to Dan and is allegedly
90% complete? What does that mean, precisely? No one has implemented
SELinux hook functions and permission checks for the LSM keyring hooks
yet AFAIK. Is that something that we still need?
--
Stephen Smalley
National Security Agency
Yes, you're right. David Howells' keyring hooks went in. The LSMs need to be
updated to implement those hooks. I was under the impression that work was
done. But it wasn't. The ultimate answer is that somebody needs to do that
for SELinux, which I'd like to think should be a fairly small task. But I
thought we had a way to restrict keyring operations to admins w/DAC for the
evaluated configuration, which is why it is marked 90%. If not, we have hooks
to implement. There would be no policy for them in the evaluated
configuration.
Most all the items started out with either Steve Grubb or my name as the
default owner. In the Jan. 24 requirements, the ownership of the keyring item
changed to Dan. Either Dan must have expressed interest in it, or Dan or
Steve explicitly asked me to assign it.
I remember saying I would write policy when these access checks
arrive. But I am not adding the access checks.
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
