[redhat-lspp] FW: [RFC] [MLSXFRM 00/04] Granular IPSec associations for use in MLS environments
Venkat Yekkirala
vyekkirala at TrustedCS.com
Fri Jun 16 20:57:43 UTC 2006
FYI-
-----Original Message-----
From: Venkat Yekkirala
Sent: Friday, June 16, 2006 12:13 PM
To: Venkat Yekkirala; 'Stephen Smalley'
Cc: 'redhat-lspp at redhat.com'; 'jmorris at redhat.com';
'tjaeger at cse.psu.edu'; 'latten at austin.ibm.com'
Subject: RE: [RFC] [MLSXFRM 00/04] Granular IPSec associations for use
in MLS environments
> > is it just a matter of how we configure the policy rules
> for polmatch?
>
> Actually, it would be the ranged SA labels (defined in the
> xfrm policy), used
> as the target by sendto and recvfrom.
and used as the subject in the polmatch check, yes.
More information about the redhat-lspp
mailing list