From: Joy L. <la...@au...> - 2006-10-27 00:00:18

Sometime this year I submitted code that allowed setkey the ability to add SELinux security contexts to ipsec policy and SAs created manually. This code allowed us to leverage IPSec for MAC of Linux Network Communications. This code was accepted into CVS tree for ipsec-tools-0.6.5. When I downloaded ipsec-tools-0.6.6, it wasn't there.

Fedora has already pulled the version of ipsec-tools with this functionality into fedora core 6.

I am in the process of re-submitting the racoon modifications that are required such that racoon too can negotiate and establish SAs with an SELinux security context.

The setkey and racoon modifications have been used and tested by LSPP developers over the last few months.

I figured I should ask first about disappearance of setkey modifications before resubmitting the racoon modifications. :-) I'd be happy to resubmit the setkey modifications... would it be best if I resubmit both patches?

Regards,
Joy Latten

From: VANHULLEBUS Y. <va...@fr...> - 2006-10-27 08:46:37

On Thu, Oct 26, 2006 at 06:47:34PM -0500, Joy Latten wrote:
> Sometime this year I submitted code that allowed setkey the ability
> to add SELinux security contexts to ipsec policy and SAs created
> manually. This code allowed us to leverage IPSec for MAC of Linux
> Network Communications. This code was accepted into CVS tree for
> ipsec-tools-0.6.5. When I downloaded ipsec-tools-0.6.6, it wasn't there.

Hi.

If this is the patch I reported, it was NOT reported on 0.6 branch,
but only on HEAD, so it will be on the 0.7 branch which should be
created soon (well, Manu is currently working for the next EuroBSDCon,
and I am working on FreeBSD kernel part actually, but I guess we'll
branch it at least before the end of the year, and perhaps in a few
days only).

Major changes are NEVER reported on production branches.

> Fedora has already pulled the version of ipsec-tools with this
> functionality into fedora core 6.

This is a backport decided by the Fedora Core team, for their version.

> I am in the process of re-submitting the racoon modifications that are
> required such that racoon too can negotiate and establish SAs with an
> SELinux security context.
>
> The setkey and racoon modifications have been used and tested by LSPP
> developers over the last few months.

If some things are missing on HEAD branch, please contact me and
report me the missing things.

But 0.6 branch should become obsolete in a few weeks, and we won't
report major changes on it.

> I figured I should ask first about disappearance of setkey modifications
> before resubmitting the racoon modifications. :-) I'd be happy to
> resubmit the setkey modifications... would it be best if I resubmit both
> patches?

If some things are missing on HEAD, please submit patches for those
missing parts.

Yvan.

From: <ma...@ne...> - 2006-10-27 17:06:20

VANHULLEBUS Yvan <va...@fr...> wrote:
> If this is the patch I reported, it was NOT reported on 0.6 branch,
> but only on HEAD, so it will be on the 0.7 branch which should be
> created soon (well, Manu is currently working for the next EuroBSDCon,

Well, I finished my paper, so I have spare time to start up the branch. Is it the right time? No change pending to HEAD?

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
ma...@ne...

From: Joy L. <la...@au...> - 2006-10-27 18:35:56

On Fri, 2006-10-27 at 10:46 +0200, VANHULLEBUS Yvan wrote:
> On Thu, Oct 26, 2006 at 06:47:34PM -0500, Joy Latten wrote:
> > Sometime this year I submitted code that allowed setkey the ability
> > to add SELinux security contexts to ipsec policy and SAs created
> > manually. This code allowed us to leverage IPSec for MAC of Linux
> > Network Communications. This code was accepted into CVS tree for
> > ipsec-tools-0.6.5. When I downloaded ipsec-tools-0.6.6, it wasn't there.
>
> Hi.
>
> If this is the patch I reported, it was NOT reported on 0.6 branch,
> but only on HEAD, so it will be on the 0.7 branch which should be
> created soon (well, Manu is currently working for the next EuroBSDCon,
> and I am working on FreeBSD kernel part actually, but I guess we'll
> branch it at least before the end of the year, and perhaps in a few
> days only).
>
> Major changes are NEVER reported on production branches.
>
>
> > Fedora has already pulled the version of ipsec-tools with this
> > functionality into fedora core 6.
>
> This is a backport decided by the Fedora Core team, for their version.
>
>
> > I am in the process of re-submitting the racoon modifications that are
> > required such that racoon too can negotiate and establish SAs with an
> > SELinux security context.
> >
> > The setkey and racoon modifications have been used and tested by LSPP
> > developers over the last few months.
>
> If some things are missing on HEAD branch, please contact me and
> report me the missing things.
>
> But 0.6 branch should become obsolete in a few weeks, and we won't
> report major changes on it.
>
>
> > I figured I should ask first about disappearance of setkey modifications
> > before resubmitting the racoon modifications. :-) I'd be happy to
> > resubmit the setkey modifications... would it be best if I resubmit both
> > patches?
>
> If some things are missing on HEAD, please submit patches for those
> missing parts.
>

Thanks!
I did not understand how things worked until you explained. I appreciate it. I will send the racoon portion of the patch shortly. I will also check the HEAD branch to ensure everything else is there.

Regards,
Joy