On Tue, 2020-10-13 at 09:55 -0400, Paul Moore wrote:
On Mon, Oct 12, 2020 at 5:40 AM Harald Welte
<laforge(a)gnumonks.org>
wrote:
Hi Paul,
On Sun, Oct 11, 2020 at 10:09:11PM -0400, Paul Moore wrote:
Harald, Pablo - I know you both suggested taking
a slow iterative
approach to merging functionality, perhaps you could also help
those
of us on the SELinux side better understand some of the common
GTP use
cases?
There really only is one use case for this code: The GGSN or P-GW
function
in the 3GPP network architecture ...
Hope this helps,
Harald
It does, thank you.
It looks like this patchset is not really a candidate for merging in
its current form, but I didn't want to lose this information (both
the
patches and Harald's comments) so I created a GH issue to track this
at the URL below.
*
https://github.com/SELinuxProject/selinux-kernel/issues/54
While I was not expecting these patches to be excepted for the current
version, the main aim was to see what LSM security services could be
implemented on possible 5G components, bearing in mind the DARPA Open
Programmable Secure 5G (OPS-5G) initiative (probably 'jumping the gun'
here a bit though).
There is in development a 5G version of GTP at [1]. I have added the
enhanced hooks to this (plus retrieve contexts via call-backs etc.),
and have it running on 5.9, passing their tests. I'm not sure how far
this development will go, but a starter ??.
The other component that seems to be widely used in these systems is
SCTP that I added hooks to a few years ago, also TCP/UDP etc. that are
already well catered for. Also there would be a large amount of
userspace code ....
Anyway food for thought.
[1]
https://github.com/PrinzOwO/gtp5g