On 08/04/2011 04:30 PM, Serge E. Hallyn wrote:
> Quoting Daniel Lezcano (daniel.lezc...@free.fr):
>> On 07/28/2011 08:19 PM, Serge E. Hallyn wrote:
>>> It breaks with multiple cgroup mounts unless /etc/mtab is linked
>>> to /proc/self/mounts (which it is not in Ubuntu, for instance).
>>>
>>> Signed
On 8/3/2011 9:39 PM, Michael H. Warfield wrote:
> On Wed, 2011-08-03 at 21:01 -0700, Casey Schaufler wrote:
>> On 8/3/2011 4:24 PM, Serge E. Hallyn wrote:
>>> Quoting Andre Nathan (an...@digirati.com.br):
Hi Mike
On Wed, 2011-08-03 at 17:52 -0400, Michael H. Warfield wrote:
> Tha
On 8/4/2011 6:52 AM, Michael H. Warfield wrote:
> On Wed, 2011-08-03 at 22:21 -0700, Casey Schaufler wrote:
>> Smack does not use IPsec on IPv4. Smack uses CIPSO. CIPSO is
>> implemented completely within the kernel. It has no user space
>> component. There is no CIPSO equivalent for IPv6 due to t
On 8/3/2011 4:24 PM, Serge E. Hallyn wrote:
> Quoting Andre Nathan (an...@digirati.com.br):
>> Hi Mike
>>
>> On Wed, 2011-08-03 at 17:52 -0400, Michael H. Warfield wrote:
>>> That's v4 syntax. Does it not work at all? Did you try this:
>>>
>>> echo ::/0 @ > /smack/netlabel
>>>
>>> Not having trie
On Sat, Jul 30, 2011 at 09:10:33PM -0400, Matthew Franz wrote:
> Had seen some previous discussions before, but are there any ways to
> mitigate this design vulnerability?
>
> http://blog.bofh.it/debian/id_413
>
> Are there any workarounds?
>
> Thanks,
>
> - mdf
>
> --
> --
> Matthew Franz
>
On Thu, 2011-08-04 at 09:11 -0700, Casey Schaufler wrote:
> On 8/4/2011 6:52 AM, Michael H. Warfield wrote:
> > On Wed, 2011-08-03 at 22:21 -0700, Casey Schaufler wrote:
> >> Smack does not use IPsec on IPv4. Smack uses CIPSO. CIPSO is
> >> implemented completely within the kernel. It has no user
Quoting Daniel Lezcano (daniel.lezc...@free.fr):
> On 07/28/2011 08:19 PM, Serge E. Hallyn wrote:
> > It breaks with multiple cgroup mounts unless /etc/mtab is linked
> > to /proc/self/mounts (which it is not in Ubuntu, for instance).
> >
> > Signed-off-by: Serge Hallyn
>
> Hi Serge,
>
> not sur
On Wed, 2011-08-03 at 22:21 -0700, Casey Schaufler wrote:
> Smack does not use IPsec on IPv4. Smack uses CIPSO. CIPSO is
> implemented completely within the kernel. It has no user space
> component. There is no CIPSO equivalent for IPv6 due to the
> expectation that all IPv6 implementations will u
On Wed, 2011-08-03 at 22:21 -0700, Casey Schaufler wrote:
> On 8/3/2011 9:39 PM, Michael H. Warfield wrote:
> > On Wed, 2011-08-03 at 21:01 -0700, Casey Schaufler wrote:
> >> On 8/3/2011 4:24 PM, Serge E. Hallyn wrote:
> >>> Quoting Andre Nathan (an...@digirati.com.br):
> Hi Mike
>
> >>>
On Thu, 2011-08-04 at 08:44 -0300, Andre Nathan wrote:
> Is there a way then to just disable the networking part of? The IPv6
... of Smack
> rule I was trying to add was just to have unlabled networking.
---
Hello Casey
On Wed, 2011-08-03 at 22:21 -0700, Casey Schaufler wrote:
> Thus, IPv6 support for Smack is much harder than IPv4 support
> for Smack was. The difference is not between IPv6 and IPv4,
> rather it is the difference between IPsec and CIPSO.
Is there a way then to just disable the networ
On 07/28/2011 08:19 PM, Serge E. Hallyn wrote:
> It breaks with multiple cgroup mounts unless /etc/mtab is linked
> to /proc/self/mounts (which it is not in Ubuntu, for instance).
>
> Signed-off-by: Serge Hallyn
Hi Serge,
not sure, you got the email but I was not able to apply this one.
The rej
12 matches
Mail list logo