08/14/2006 lspp Meeting Minutes:
===============================
Attendees
Joy Latten (IBM) - JL
Loulwa Salem (IBM) - LS
Debora Velarde (IBM) - DV
Thiago Bauermann (IBM) - TB
Al Viro (Red Hat) - AV
Steve Grubb (Red Hat) - SG
Linda Knippers (HP) - LK
Lisa Smith (HP) - LMS
Amy Griffis (HP) - AG
Matt Anderson (HP) - MA
Chad Hanson (TCS) - CH
Bill O'Donnel - BO
Tentative Agenda:
LS: Hi everyone, I am moderating this meeting for George who is on vacation this
week.
Kernel update
-------------
LS: Al, are there any kernel updates that you would like to give us?
AL: No, nothing
AuditFS/inotify
---------------
LS: is there anything for this item
AG: Not sure what agenda you have, but I believe we decided this item should
be removed from the agenda.
LS: Ok, I'll make a note to remove it.
LSPP kernel issues
------------------
LS: Steve, any updates regarding the lspp kernel?
SG: nothing much. All the patches are in rawhide, so people should be
testing against rawhide. if there are any bugs, then I will get out
another lspp kernel
LK: all the patches including the networking patch are there.
TB: does it have secmark in it?
SG: yes it is there, there is some userspace integration work to be done but
that's in the kernel
TH: Ok, is the MLS policy updated to support secmark. My understanding
secmark needs few rules in the policy. are they there?
SG: don't think so, there is still work to be done in iptables, and some
init scripts. I am not sure if it will be done this week. There is a
bugzilla tracking this, but I don't have the number now. Just search on
secmark.
TB: is that the RedHat bugzilla?
SG: yes it is.
Audit userspace
---------------
LS: Steve, any updates on audit user space?
SG: I am still working on it. I just got back from vacation and just got
done sorting through emails, I'm ready to start coding again. I will
work on xinetd first. Sometime this week I hope to get audit-1.2.6 out
to fix two seg-fault in aureport and hope to have to -p support as well
so that we can start testing that.
LS: thanks Steve.
Print
-----
LS: Matt, is there any update on print?
MA: finishing up updated lspp patch to add support for audit fail action
work that Lisa did. I need to create a bugzilla entry as well. I've been
doing some stuff with ranges and working with Dan on that.
LS: great, thanks Matt.
SELinux base update
-------------------
LS: I didn't hear Dan on the call, anyone has update on this item
LK: Dan is on vacation this week.
MLS policy issues
-----------------
LS: so nothing on this either since Dan is on vacation
Roles
-----
LS: Mike is at LWE this week, but as far as I know there has not been any
problems with roles lately.
CIPSO
------
LS: Didn't hear Paul on the call either, anyone has an update on that?
LK: Paul is also on vacation. CIPSO is in rawhide kernel. There is at least
one bug that we know about that got introduced when we integrated lsm
patch from venkat. but is all, it looks good.
SG: I need to start preparing user space piece of that for inclusion in the
distribution.
LK: Steve did you get my email?
SG: yes, we will have to work through that.
LK: It would be good to get feedback on the command line option. I can also
get it to crash sometimes. If I follow Paul's instruction then it works.
SG: yeah, I'm also not sure about the daemon part of it
LK: It might have things to get tweaked in order to get it through the
RedHat acceptance process. He provided a test spec file, that also still
needs testing.
SG: yes, we need to test the spec file.
LK: what's there is good to get started for now, and if any bugs come up
we'll respond to them.
SG: ok, I'll start the process of getting it included, get in Fedora Extras
to prepare it for rhel. We don't have lots of time, I think it needs to
be done around beginning of September to make it in beta 2
LK: we were wondering about beta 2 dates. We don't have a freeze date, do
you know Steve?
SG: I don't have them, but shoot for September 8-10. That will be early
enough to
get them in, and should be safe.
LS: so I'll put our date to get things in as September 8-10.
SG: That's only for CIPSO, everything else should be in as soon as possible.
for CIPSO we are allowing more time, since it was taken into the kernel
late. Everything else we need to wrap up this week or next week.
LS: ok, I made a note of that.
IPsec: MLS, UNIX domain secpeer, xinetd (xinetd - STEVE)
-----------------------------------------
LS: Steve, you mentioned xinetd earlier, anything else to add here?
SG: no, I will work on it this week. There were some emails flying around
about racoon, anything happened on that. I remember Joy and Venkat were
talking about a patch, did it go to the lspp mailing list?
LS: Joy, do you have an update on that?
JL: I am trying to recall that. what was it about?
SG: Venkat wanted you to give an update. If you remember we were racing to
get it in beta 1, but it didn't make it and I didn't see it after that.
JL: I'll check on that and post something
LS: Ok, so we'll take this discussion to the list
ipsec-tools: SPD dump and racoon base + MLS
--------------------------------------------
LS: any updates here?
CH: Venkat is on vacation, but the SPD dump issue is not resolved yet.
JL: Ok, Venkat sent me a racoon patch, and I'll integrate it with some of
the changes I made. I'll send to the lspp list, and to the ipsec tools
list.
SG : yes that's what I was looking for earlier.
LS: ok great .. thanks Joy.
Single-user mode
-----------------
LS: Dan is on vacation, so we'll get an update when he gets back
Self tests
----------
LS: George told me before he left that there is no updates on self tests. I
think he'll work on it when he gets back next week.
VFS polyinstantiation
----------------------
LS: Janak is out as well, and I don't have an update on this.
SG: for Cron, a patch is already integrated. Open bugzillas if there are any
bugs, we need testing basically.
LK: Any one knows if there are any instructions on how to set it up with
polyinstaniation. I can look through the mail and see.
LS: I don't know. I believe Janak was the only one testing with it, so I
don't know if he has setup instructions. Janak will be back Thursday, so
I'll ask him about that and put some instructions out if there isn't any
out there.
Cron, tmpwatch, mail, etc.
--------------------------
LS: Any updates on this item, we didn't have anything on it our last
meeting.
SG: for Cron, a patch is already integrated. Open bugzillas if there are any
bugs, we need testing basically.
LK: Any one knows if there are any instructions on how to set it up with
polyinstaniation. I can look through the mail and see.
LS: I don't know. I believe Janak was testing with it, so I don't know if he
has setup instructions. Janak will be back Thursday, so I'll ask him
about that and we'll put some instructions out if there aren't any out
there already
LS: Ok, any other issues anyone would like to bring up before we adjourn.
ok, silence is good. George will be back next week to run the meeting.
Thanks everybody.
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
