I just posted a set of patches to the netdev and SELinux mailing lists which add two new CIPSO tag types from the IETF draft. These two new types allow you to transmit categories greater than 240. See the draft for details:
 * http://sourceforge.net/docman/display_doc.php?docid=34650&group_id=174379

For those of you who want to play with the patches you can do so with the netlabel_tools you currently have; the only change is that instead of always specifying "tags:1" when adding a CIPSO DOI definition you can now use tag types "2" and "5", or a combination. Examples below:

 * Create a DOI definition using the enumerated tag type

   # netlabelctl cipsov4 add pass doi:1 tags:2

 * Create a DOI definition using the ranged tag type

   # netlabelctl cipsov4 add pass doi:1 tags:5

 * Create a DOI definition using multiple tag types

   # netlabelctl cipsov4 add pass doi:1 tags:2,5,1

When you specify multiple tag types for a DOI definition NetLabel gives precedence to the types based on the order in which you supplied them on the command line. In the example above, "tags:2,5,1", NetLabel will first try to use tag type "2", then type "5", and finally type "1"; as before, if the MLS label can not be represented using the current configuration the socket will not be created.

--
paul moore
linux security @ hp

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
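Added example (not part of the original post or of the NetLabel patches): a C sketch of the ordered tag selection described above, which tries each configured tag type in turn and reports failure when none can carry the label's categories. The 30-octet category field, the byte layouts of tag types 1, 2 and 5, and the names encode_cats and pick_tag are assumptions based on the CIPSO draft; the sensitivity level is left out.

```c
#include <stdint.h>
#include <string.h>

#define CAT_OCTETS 30 /* assumed room for category data in one tag */

/* Encode sorted, unique categories with one tag type into out[CAT_OCTETS].
 * Returns the octets used, or -1 if this tag type cannot hold the set. */
static int encode_cats(int tag, const uint16_t *cat, size_t n, uint8_t *out)
{
    size_t i, len = 0;

    memset(out, 0, CAT_OCTETS);
    switch (tag) {
    case 1: /* bitmap, category 0 is the MSB of octet 0: only 0..239 fit */
        for (i = 0; i < n; i++) {
            if (cat[i] >= CAT_OCTETS * 8) return -1;
            out[cat[i] / 8] |= 0x80 >> (cat[i] % 8);
            len = cat[i] / 8 + 1;
        }
        return (int)len;
    case 2: /* enumerated: one 16-bit big-endian value per category */
        for (i = 0; i < n; i++) {
            if (len + 2 > CAT_OCTETS) return -1;
            out[len++] = cat[i] >> 8;
            out[len++] = cat[i] & 0xff;
        }
        return (int)len;
    case 5: /* ranged: (high, low) 16-bit pairs, highest range first */
        for (i = n; i > 0; ) {
            uint16_t hi = cat[i - 1], lo = hi;
            for (i--; i > 0 && cat[i - 1] + 1 == lo; i--)
                lo = cat[i - 1];
            if (len + 4 > CAT_OCTETS) return -1;
            out[len++] = hi >> 8; out[len++] = hi & 0xff;
            out[len++] = lo >> 8; out[len++] = lo & 0xff;
        }
        return (int)len;
    }
    return -1; /* tag type not handled in this sketch */
}

/* Walk the DOI's tag list in order; -1 means no configured type fits. */
static int pick_tag(const int *order, size_t n_ord, const uint16_t *cat, size_t n)
{
    uint8_t out[CAT_OCTETS];

    for (size_t i = 0; i < n_ord; i++)
        if (encode_cats(order[i], cat, n, out) >= 0) return order[i];
    return -1;
}
```

With the order from "tags:2,5,1", a label with a few scattered categories is sent as type 2, a long contiguous run above 239 falls through to type 5, and a DOI configured with only "tags:1" returns -1 for any category above 239.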
