On Wed, 2006-11-29 at 14:32 -0500, Paul Moore wrote: > Eric Paris wrote: > > On Wed, 2006-11-29 at 13:54 -0500, Paul Moore wrote: > > > >>I just posted a set of patches to the netdev and SELinux mailing lists > >>which add > >>two new CIPSO tag types from the IETF draft. These two new types allow you > >>to > >>transmit categories greater than 240. See the draft for details: > >> > >> * http://sourceforge.net/docman/display_doc.php?docid=34650&group_id=174379 > >> > >>For those of you who want to play with the patches you can do so with the > >>netlabel_tools you currently have; the only change is that instead of always > >>specifying "tags:1" when adding a CIPSO DOI definition you can now use tag > >>types > >>"2" and "5", or a combination. Examples below: > > > > As of right now I do not foresee this going into RHEL5 GA and thus would > > not be part of the current LSPP certification. It's possible that such > > a patch could make U1 but that would be too late for certification. So > > I'm not sure how this howto is applicable to the LSPP effort underway. > > This howto will clearly be of interest when we do the RHEL6 lspp effort > > some day down the line. If I'm misunderstanding what is needed to meet > > LSPP and this is somehow required please let me know so we can talk > > about what needs to be done. > > I posted the how-to on the LSPP mailing list because this has become the place > where most MLS discussions take place, regardless of whether or not they are > related to the current LSPP efforts of RH, HP, IBM, etc. I do not expect the > latest patches to be included in RHEL5; I submitted the patches and the how-to > because life goes on outside the evaluation ... and, well, it's more fun than > the other things I have to work on :) > > In the future I can post these things elsewhere if it cuts down on the > confusion?
I'd favor pushing as much as possible over to selinux list (as long as it is germane to the upstream selinux project, which this is). Not everyone involved in selinux follows redhat-lspp, and at times this has led to serious disconnects. -- Stephen Smalley National Security Agency -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
