On Tuesday, March 27 2007 10:39:25 pm Paul Moore wrote:
> On Tuesday 27 March 2007 9:19:48 pm Eric Paris wrote:
> > Just to make sure it's not a boneheaded backport on my part of some of
> > venkat's old work can you see if it is the same on the latest upstream
> > kernel? Most all of the labeled net changes are in linus's tree now.
>
> Sure, I have a 2.6.20.1 kernel on the same machine which I can try out ...

Hi Eric,

Not sure if it is your backport or some other kernel diff between 2.6.18.x and 2.6.20.x but I just tested 2.6.20.4 and did notice a difference. It was still "broken" in the sense that the kernel did not create another SA matching the MLS sensitivity label of the outbound traffic/socket but the 2.6.20.4 kernel did negotiate a SA using the MLS sensitivity label specified in the SPD and it did fail to send traffic using this newly created SA when the socket's MLS sensitivity label did not match.

With the 2.6.20.4 behavior in mind I would consider the current lspp.* kernels to be broken. I'm still hoping that we can have some discussion about the negotiation of new SAs to match the context of outgoing UDP traffic similar to TCP so I'm holding off on filing a bugzilla until we can get some opinions. However, if I don't hear anything by the end of the day I'm going to file a bug with what I've learned so far.

--
paul moore
linux security @ hp
