Another update to the labeled networking patchset, the lblnet-2.6_testing git tree on infradead.org has been updated too for those of you who prefer to get the changes that way.

With this version of the patchset I'm now considering the patches "feature complete" for 2.6.25. However, the push to get the features done in time has meant that my testing has been, and continues to be, pretty light so please don't consider this patch ready for inclusion anywhere yet. I'm posting these changes for people to review and test.

Since v7 there have been quite a few changes, although they have all been in support of the big change - packet ingress/egress controls (formerly know as "flow controls" to some SELinux folks). This should allow SELinux (and other LSMs) to provide packet level access control to all IP traffic entering and leaving the system. The two other big changes, the shift from skb->dev to skb->iif and the SELinux network node caching mechanism, are in support of these new controls although other aspects of the SELinux code benefit as well (check out the patches).

Comments are always welcome and people willing to help test are even more welcome. I'll get some SELinux policy patches out next week to help enable the new functionality and if everything is still looking okay I'll ping Andew Morton to see if I can get the latest version of these patches included in the -mm tree (previous versions are already included).

Thanks.

-- 
paul moore
linux security @ hp


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.