On Thursday 22 June 2006 1:34 am, Klaus Weidner wrote: > On Wed, Jun 21, 2006 at 11:40:59PM -0400, Paul Moore wrote: > > So, once you boot your kernel you should probably run the following > > commands before you configure the machine to use CIPSO: > > > > # netlabelctl -p mgmt del default > > # netlabelctl -p unlbl accept off <---- OPTIONAL > > > > Let me know if this doesn't solve your problem. > > I've tried that - after these commands, it accepts the mgmt command from > the README without complaining, but I can't get any communication to > work in enforcing mode even at the same level (all packets dropped?), and > in nonenforcing mode all connections get accepted even at different > levels. I must be missing something obvious (maybe the appropriate > selinux policy)?
Yes, that is it exactly - there is no policy yet to support the NetLabel stuff ... sorry :/ -- paul moore linux security @ hp -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
