| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Nov 2006 17:44:36 -0600 From: Joy Latten <latten@...tin.ibm.com> To: James Morris <jmorris@...ei.org> Cc: netdev@...r.kernel.org, davem@...emloft.net, herbert@...dor.apana.org.au, sgrubb@...hat.com Subject: Re: [PATCH 1/1] additional ipsec audit patch On Wed, 2006-11-29 at 19:32 -0500, James Morris wrote: > On Wed, 29 Nov 2006, James Morris wrote: > > > On Wed, 29 Nov 2006, Joy Latten wrote: > > > > > This patch disables auditing in ipsec when CONFIG_AUDITSYSCALL is > > > disabled in the kernel. > > > > > > This patch also includes a bug fix for xfrm_state.c as a result of > > > original ipsec audit patch. > > > > > > Let me know if it looks ok. > > > > > > Also, the last patch contains no Signed-off-by: line, please resend. > > And, what is the testing status of these patches? > I ran a stress test overnight using labeled ipsec on a patched lspp55 kernel using racoon last week. The additional patch to xfrm_state.c was my fault when rebasing to 2.6.19-rc6 to send upstream. I plan to run an ipv4 and ipv6 stress test tonight and tomorrow using labeled ipsec with auditing enabled on the lspp56 kernel, which contains ipsec audit patch, to ensure no regression has occurred. I can also run an ipv4 and ipv6 stress tests with regular ipsec over the weekend for further ensurance. I compiled and did unit test with SELINUX disabled, AUDITSYSCALL disabled, and with both enabled. regards, Joy - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists