some questions (Re: mac-0.5.diff)
Ilmar S. Habibulin
ilmar at watson.org
Thu Sep 27 06:57:51 GMT 2001
On Wed, 26 Sep 2001, Robert Watson wrote:
first of all - how capabilities integration is going?
> Multi-Level Security, and a custom "partition" scheme. This patch does
> not include recent progress made by Ilmar in the network labeling/access
> control space, nor non-hierarchal MAC categories.
I will port my work in -current and send you my patches ASAP, maybe in a
week. And what about non-hierarchical categories? I've checked RFCs 1108
and 1038 to see, if they have something, that will satisfy our needs. But
it's funny or not - these RFCs are more US-specific, that FIPS 188 is. ;-)
So, i will implement CIPSO, but don't know right now what type of security
tag should i use. Maybe you can help - what do you think should be
included in packet label right now based on MAC model and implementation
you have?
> Disclaimer: If you run it, this patch will hurt you, I promise. Don't do
> this on a machine you don't want to sacrifice to the good of the cause.
You scared me to death. ;-)))
> setfmac biba/low,mls/low,partition/none `find /home/rwatson`
> (setfmac does not currently have a -R parameter, but will get one in the
> next iteratin)
Do you want s/getfmac be internationalized?
> There may be problems with this release (there always are), so expect
> patch updates.
Be waiting for... ;-)
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list