[redhat-lspp] Re: RHEL5 Kernel with labeled networking
Joshua Brindle
jbrindle at tresys.com
Thu Oct 5 14:49:21 UTC 2006
On Wed, 2006-10-04 at 14:41 -0400, Venkat Yekkirala wrote:
<snip>
> > >
> > > Received: Hello, root:system_r:semanage_t:s0-s0:c0.c255 from
> > > root:system_r:semanage_t:s0-s0:c0.c255
>
> Is the context after Hello, the context returned by getpeercon?
>
> Also, where are you getting the "from" context from?
>
Ok, the client connects to the server, and the server responds with "Hello,
%s" where %s is what is returned from getpeercon(). The client takes
that response and adds "from %s" where %s is what is returned from
getpeercon(), so the end result is:
"Hello, %s from %s", client_con, server_con
> > >
> > > no matter what context the server is running in.
>
> Likely because you are running in permissive mode. ANY process can now
> "sendto" the same SA.
>
Once Eric rolls a new kernel with the changes from yesterday I'll try it
again in enforcing to see how it works. (net-2.6 is being moody with
me :\ )
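
Added example, not part of the original message or of anyone's test program: a small checker for the "Hello, %s from %s" line described above, which parses both peer labels (including the MLS range) and reports which side's getpeercon() result differs from the context that side was launched in. The function names and the launch labels passed in are assumptions made for illustration; only the observed line comes from the thread.

```python
import re

# Format produced by the test in the message: "Hello, <client_con> from <server_con>"
LINE_RE = re.compile(r"Hello, (\S+) from (\S+)$")

def expand_categories(cats):
    """Expand an MLS category set such as 'c0.c255' or 'c1,c3.c5' into ints."""
    out = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")
        first, last = int(lo[1:]), int((hi or lo)[1:])
        if last < first:
            raise ValueError(f"bad category range: {part}")
        out.update(range(first, last + 1))
    return out

def parse_context(ctx):
    """Split user:role:type[:range]; the range itself may contain ':' and '-'."""
    fields = ctx.split(":", 3)
    if len(fields) < 3:
        raise ValueError(f"not a security context: {ctx}")
    parsed = dict(zip(("user", "role", "type"), fields))
    if len(fields) == 4:
        low, _, high = fields[3].partition("-")
        for name, level in (("low", low), ("high", high or low)):
            sens, _, cats = level.partition(":")
            parsed[name] = (sens, expand_categories(cats))
    return parsed

def check_exchange(line, client_ran_as, server_ran_as):
    """Return the peers whose reported label differs from the launch label."""
    m = LINE_RE.search(" ".join(line.split()))
    if not m:
        raise ValueError("line is not in 'Hello, X from Y' form")
    seen = {"client": m.group(1), "server": m.group(2)}
    want = {"client": client_ran_as, "server": server_ran_as}
    return [p for p in seen if parse_context(seen[p]) != parse_context(want[p])]

# Line quoted in the message, still wrapped as the e-mail wrapped it.
OBSERVED = ("Received: Hello, root:system_r:semanage_t:s0-s0:c0.c255 from\n"
            "root:system_r:semanage_t:s0-s0:c0.c255")
# Constructed launch labels for illustration; the thread does not give them.
CLIENT = "root:system_r:semanage_t:s0-s0:c0.c255"
SERVER = "root:system_r:httpd_t:s0"

if __name__ == "__main__":
    print(check_exchange(OBSERVED, CLIENT, SERVER))
```

Labels are compared after parsing, so two spellings of the same category set (for example `c0,c1` and `c0.c1`) count as equal.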