SELinux Mailing List

Re: RHEL5 Kernel with labeled networking

From: Linda Knippers <linda.knippers_at_hp.com>
Date: Tue, 03 Oct 2006 16:40:23 -0400


Joy Latten wrote:
> On Tue, 2006-10-03 at 15:18 -0400, Joshua Brindle wrote:
>

>>Joy Latten wrote:
>>
>>>>Before network labeling is completed we still need some work
>>>>implementing how we plan to audit configuration changes in ipsec
>>>>labeling decisions.  I believe we agreed today that this auditing must
>>>>be done in kernelspace since we do not have fine grained enough controls
>>>>on netlink messages to allow for all of the auditing in userspace.
>>>>
>>>>    
>>>
>>>I've talked to Klaus about what needs to be audited for ipsec and
>>>lspp compliance. I will begin work on a patch and get this out
>>>to the list as soon as I can. We will audit every time a policy is 
>>>added/removed to/from the ipsec policy database.
>>>
>>>  
>>
>>why not just auditallow all association setcontext?

>
>
> Dang! Why didn't I think of that! :-)
> Such a good idea. I will do a quick test and
> show Klaus and see if it all looks ok to him.
> Thanks!!!

If we go the auditallow route then we lose some audit record management features, like the ability to enable/disable/search for these records, don't we? Do we care?

  • ljk
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Tue 3 Oct 2006 - 16:40:36 EDT
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service