Re: [PATCH 1/1] LSM-IPsec SELinux Authorize (with minor fix)

2006-06-08 Thread David Miller
From: David Miller <[EMAIL PROTECTED]> Date: Thu, 08 Jun 2006 23:40:03 -0700 (PDT) > From: Xiaolan Zhang <[EMAIL PROTECTED]> > Date: Tue, 6 Jun 2006 10:55:58 -0400 > > > Signed-off-by: Catherine Zhang <[EMAIL PROTECTED]> > > > > James, is this enough or do I need to modify the original patch to

Re: [PATCH 1/1] LSM-IPsec SELinux Authorize (with minor fix)

2006-06-08 Thread David Miller
From: Xiaolan Zhang <[EMAIL PROTECTED]> Date: Tue, 6 Jun 2006 10:55:58 -0400 > Signed-off-by: Catherine Zhang <[EMAIL PROTECTED]> > > James, is this enough or do I need to modify the original patch to add the > above line? The code was taken from various pieces of patches originally > from Tr

Re: [PATCH 1/1] LSM-IPsec SELinux Authorize (with minor fix)

2006-06-06 Thread Xiaolan Zhang
Signed-off-by: Catherine Zhang <[EMAIL PROTECTED]> James, is this enough or do I need to modify the original patch to add the above line? The code was taken from various pieces of patches originally from Trent and merged/modified by me. Let me know what else I need to do. thanks, Catherine

Re: [PATCH 1/1] LSM-IPsec SELinux Authorize (with minor fix)

2006-06-05 Thread David Miller
From: James Morris <[EMAIL PROTECTED]> Date: Tue, 6 Jun 2006 01:37:04 -0400 (EDT) > On Tue, 6 Jun 2006, Catherine Zhang wrote: > > > Minor fix per James' comment. > > Can you also add a Signed-off-by line? > > I can't recall if you were the original author. If not, we also need a > From line

Re: [PATCH 1/1] LSM-IPsec SELinux Authorize (with minor fix)

2006-06-05 Thread James Morris
On Tue, 6 Jun 2006, Catherine Zhang wrote: > Minor fix per James' comment. Can you also add a Signed-off-by line? I can't recall if you were the original author. If not, we also need a From line (per Documentation/SubmittingPatches). Thanks, -- James Morris <[EMAIL PROTECTED]>

Re: [PATCH 1/1] LSM-IPsec SELinux Authorize (with minor fix)

2006-06-05 Thread James Morris
On Tue, 6 Jun 2006, Catherine Zhang wrote: > Minor fix per James' comment. Acked-by: James Morris <[EMAIL PROTECTED]> -- James Morris <[EMAIL PROTECTED]>

[PATCH 1/1] LSM-IPsec SELinux Authorize (with minor fix)

2006-06-05 Thread Catherine Zhang
Hi, Minor fix per James' comment. thanks, Catherine -- This patch contains a fix for the previous patch that adds security contexts to IPsec policies and security associations. In the previous patch, no authorization (besides the check for write permissions to SAD and SPD) is required to delete

Re: [PATCH 1/1] LSM-IPsec SELinux Authorize

2006-06-05 Thread James Morris
On Mon, 5 Jun 2006, Catherine Zhang wrote: Looks ok to me, except for one minor nit: > + if (ctx) { > + rc = avc_has_perm(tsec->sid, ctx->ctx_sid, > + SECCLASS_ASSOCIATION, > + ASSOCIATION__SETCONTEXT, NULL); > + } you don't need the braces here (simi

[PATCH 1/1] LSM-IPsec SELinux Authorize

2006-06-05 Thread Catherine Zhang
Hi, This is a resubmit of the LSM-IPsec fix patch rebased against Linux version 2.6.17-rc4-mm3. As always, comments are welcome! Catherine --- This patch contains a fix for the previous patch that adds security contexts to IPsec policies and security associations. In the previous patch, no au

[PATCH 1/1] LSM-IPsec SELinux Authorize (with fixes)

2006-01-17 Thread cxzhang
Minor fixes, per James' comment. thanks, Catherine This patch contains a fix for the previous patch that adds security contexts to IPsec policies and security associations. In the previous patch, no authorization (besides the check for write permissions to SAD and SPD) is required to delete

Re: [PATCH 1/1] LSM-IPsec SELinux Authorize

2006-01-17 Thread David S. Miller
From: Trent Jaeger <[EMAIL PROTECTED]> Date: Mon, 16 Jan 2006 21:54:13 -0500 > We want to limit the modification of security contexts only to the > minimal set of programs (e.g., setkey and racoon). SELinux generally > restricts root programs to least privilege rights, such that a root > pr

Re: [PATCH 1/1] LSM-IPsec SELinux Authorize

2006-01-16 Thread James Morris
On Mon, 16 Jan 2006, cxzhang wrote: > +++ linux-2.6.15-mm3-cxzhang/net/key/af_key.c2006-01-13 18:41:02.0 > -0500 > @@ -1454,6 +1454,9 @@ static int pfkey_delete(struct sock *sk, > if (x == NULL) > return -ESRCH; > > +if ((err = security_xfrm_state_delete(x))) > +
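Review bot: In the pfkey_delete hunk, the added check `if ((err = security_xfrm_state_delete(x)))` folds the assignment into the condition; assigning `err` on its own line and testing it on the next reads more clearly and avoids the doubled parentheses. The body of the branch is cut off in this excerpt, so it is worth confirming that the failure path releases anything held on `x` before returning, since the check sits after the `x == NULL` test and so runs only once the state has been found.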

Re: [PATCH 1/1] LSM-IPsec SELinux Authorize

2006-01-16 Thread Trent Jaeger
On Jan 16, 2006, at 7:14 PM, Herbert Xu wrote: On Mon, Jan 16, 2006 at 06:10:53PM -0500, cxzhang wrote: This patch contains a fix for the previous patch that adds security contexts to IPsec policies and security associations. In the previous patch, no authorization (besides the check for

Re: [PATCH 1/1] LSM-IPsec SELinux Authorize

2006-01-16 Thread Herbert Xu
On Mon, Jan 16, 2006 at 06:10:53PM -0500, cxzhang wrote: > > This patch contains a fix for the previous patch that adds security > contexts to IPsec policies and security associations. In the previous > patch, no authorization (besides the check for write permissions to > SAD and SPD) is required

[PATCH 1/1] LSM-IPsec SELinux Authorize

2006-01-16 Thread cxzhang
This patch contains a fix for the previous patch that adds security contexts to IPsec policies and security associations. In the previous patch, no authorization (besides the check for write permissions to SAD and SPD) is required to delete IPsec policies and security associations with security c

[PATCH 1/1] LSM-IPsec SELinux Authorize

2005-12-26 Thread Trent Jaeger
Hi, After discussion with Stephen Smalley and James Morris, we decided to change the SELinux authorization from relabel to testing for a security operation (set_ipsec). That is, a process must have the authority to set IPsec security contexts in order to create or delete IPsec policy or SA en