[redhat-lspp] [RFC] [MLSXFRM 00/04] Granular IPSec associatio ns for
Venkat Yekkirala
vyekkirala at TrustedCS.com
Fri Jun 16 21:14:41 UTC 2006
Missed this one (got caught at the mail filters I guess)...
> I wonder if this would be more useful if the entire SELinux context was
> taken into account and not just the MLS label? Looking (somewhat
> quickly) at the patch you just posted I don't think it would require too
> much extra work to make it happen, it looks like you have already added
> the full SELinux context to the IPsec selector which I suspect is the
> bulk of the kernel-side work. However, I imagine this would require a
> bit more work in racoon/IKE side of things ...
The entire SELinux context is indeed taken into account all the way into
IKE.
More information about the redhat-lspp
mailing list