[redhat-lspp] labeled ipsec status
Paul Moore
paul.moore at hp.com
Mon Jan 8 21:08:30 UTC 2007
> > I just verified that this still works correctly. You can test it
> > yourself by doing the following:
> >
> > 1. Connect to the machine via the network (ssh, telnet, etc.)
> > 2. Once connected run a command that generates regular output (run 'date'
> > in a loop)
> > 3. On a console on the machine run the following
> >
> > # netlabelctl -p unlbl accept off
> > <the output on the command from #2 should stop>
> > # netlabelctl -p unlbl accept on
> > <the output on the command from #2 should resume, assuming the TCP
> > session didn't die>
> >
> > You can check the status of the unlabeled accept flag by running the
> > following command:
> >
> > # netlabelctl -p unlbl list
>
> Beat me to it. Does the fact that netlabel and xfrm have different
> mechanisms for accomplishing the same thing change the 'correct' name
> for the boolean?
Hey, if you guys want to take a patch at this point I can change it the
netlabelctl program to use whatever you want ... I'm nice like that :)
--
paul moore
linux security @ hp
More information about the redhat-lspp
mailing list