[redhat-lspp] using ah and esp protocols in ipsec
Venkat Yekkirala
vyekkirala at trustedcs.com
Tue Oct 17 19:00:14 UTC 2006
Hi Joy,
Could you please tell me if you have the secid patches
on your kernel? I ask because that's what has got the
change where an SA gets the label from the creating
socket/flow.
As for the MLS portion, it should be whatever level ping is
running at. Also, are you running in permissive?
Thanks,
venkat
PS: Sorry I seem to have missed your past query on this.
> -----Original Message-----
> From: Joy Latten [mailto:latten at austin.ibm.com]
> Sent: Monday, October 16, 2006 5:21 PM
> To: paul.moore at hp.com
> Cc: redhat-lspp at redhat.com
> Subject: [redhat-lspp] using ah and esp protocols in ipsec
>
>
> Paul,
>
> When ipsec policy is specified as:
>
> spdadd 9.3.189.57 9.3.192.210 any
> -ctx 1 1 "system_u:object_r:passwd_t:s3"
> -P out ipsec
> esp/transport//require ah/transport//require;
>
> Since I specified both esp and ah protocols,
> racoon created 4 SAs, 2 for esp and 2 for AH.
> All four SAs created had the following security context:
> security context: root:sysadm_r:ping_t:s0-s15:c0.c1023
> (A ping resulted in the SAs being created.)
>
> Hope this helps. Let me know if there is anything else I
> can help with.
>
> Regards,
> Joy