[redhat-lspp] [RFC 0/7] Updated NetLabel patch
Paul Moore
paul.moore at hp.com
Thu Jun 22 13:14:58 UTC 2006
On Thursday 22 June 2006 1:34 am, Klaus Weidner wrote:
> On Wed, Jun 21, 2006 at 11:40:59PM -0400, Paul Moore wrote:
> > So, once you boot your kernel you should probably run the following
> > commands before you configure the machine to use CIPSO:
> >
> > # netlabelctl -p mgmt del default
> > # netlabelctl -p unlbl accept off <---- OPTIONAL
> >
> > Let me know if this doesn't solve your problem.
>
> I've tried that - after these commands, it accepts the mgmt command from
> the README without complaining, but I can't get any communication to
> work in enforcing mode even at the same level (all packets dropped?), and
> in nonenforcing mode all connections get accepted even at different
> levels. I must be missing something obvious (maybe the appropriate
> selinux policy)?
Yes, that is it exactly - there is no policy yet to support the NetLabel
stuff ... sorry :/
--
paul moore
linux security @ hp
More information about the redhat-lspp
mailing list