Enable SECURITY_NETWORK_XFRM
Eric Paris
eparis at redhat.com
Thu Mar 29 19:18:47 UTC 2007
On Thu, 2007-03-29 at 12:35 -0400, James Morris wrote:
> On Thu, 29 Mar 2007, Eric Paris wrote:
>
> > Right before FC6 we turned off CONFIG_SECURITY_NETWORK_XFRM since there
> > was a lot of development still going on in that area, especially
> > concerning secid reconciliation between that and secmark. The
> > reconciliation work was killed upstream and XFRM labeling has been
> > worked on upstream and has been tested by the LSPP group for quite some
> > time now with success.
> >
> > I'd like to get both of them turned back on so Fedora users can make use
> > of xfrm labeled networking.
>
> I definitely think it needs to be enabled, and I don't think it should
> impact any normal users (you need to specially configure ipsec for
> anything to happen).
>
> Do we have the userland patches for racoon etc. in Fedora?

I just checked and the rawhide ipsec tools appear to have all of the
patches that could be needed for labeled net to work. I see no reason
this couldn't be turned on in both FC6 and devel.
-Eric