Paul Moore wrote: > Eric Paris wrote: >>This is great, we are getting there. But, we still need at least 3-4 >>more patches before tomorrow!! >> >>Patch1: finish the error propagation backport for the ipsec leak (Being >>completed by Eric Paris) >>Patch2: audit ipsec config changes (Being completed by Joy Latten) >>Patch3: find and fix current issues with unlabeled_t packets that can't >>be explained (Paul Moore and Venkat) > > I'm working on this but it's taking time getting all the right policy bits > sorted so I can differentiate between SECINITSID_UNLABELED and > SECINITSID_NETMSG > as they will both show up as "unlabeled_t" in all the released policies (at > least I think so). > > Venkat, if you have a policy rpm/clean-patch/tarball something it would be a > help if you could post that or send it to me (I saw your earlier postings, but > only the constraints were really in patch form). Or if you could verify the > lspp.51 kernel w/o the NetLabel/secid patch (turn off patch 25008, if you > want I > can send you a diff to the spec file - it's only two lines). So far I have > not > seen any differences between the stock lspp.51 kernel and the lspp.51 kernel > without the NetLabel/secid patch.
In case anyone wants to play with the lspp.51 minus the NetLabel/secid patch, I put up a modified source RPM here: * http://free.linux.hp.com/~pmoore/files -- paul moore linux security @ hp -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
