James Morris wrote: > On Fri, 15 Dec 2006, [EMAIL PROTECTED] wrote: > >>This patch set fixes two bugs that were found recently when adding new CIPSOv4 >>DOI definitions. These patches are pretty small and have been tested by a few >>different people on several different platforms. > > Applied to git://git.infradead.org/~jmorris/selinux-2.6#fixes
Thanks. >>Please apply these for 2.6.20 and they should probably be pushed to the 2.6.19 >>stable tree as well; is there anything special I need to do for that? > > I'm not sure that they qualify. > > The first is a privileged operation, right? Yes it is, you need CAP_NET_ADMIN. I guess this probably isn't that important for 2.6.19 then ... > For the second, what are the implications of mapping to zero? > > Also review Documentation/stable_kernel_rules.txt. [Thanks for the pointer, didn't know that file was there] ... however, I still think this might qualify for the 2.6.19 stable kernel. When a MLS sensitivity level or category maps to zero then whenever the NetLabel subsystem is called to resolve the security attributes of a packet it will, in certain configurations, return security attributes/contexts which are incorrect. Please let me know if you think that has merit for the stable tree and I'll send the patch to the stable mailing list. -- paul moore linux security @ hp - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
