Stephen Smalley wrote:
> On Tue, 2006-10-03 at 11:34 -0400, Linda Knippers wrote:
>
>>Eric,
>>
>>I've booted your kernel on the following systems:
>>
>>ia64 box running rhel5 beta 1 targeted policy
>>x86 box running fc6t2 mls policy
>>
>>I don't have any labeled networking specifically configured.
>>
>>Networking only works in permissive mode. If I put either system
>>in enforcing mode, I can't ping, bring up X, or do anything.
>>
>>Are there some policy changes that are needed? Seems like by default
>>everything should work like it did before?
>
>
> Only if you set /selinux/compat_net to 1.
> Otherwise, you need modified policy to define and allow flow_in/flow_out
> permissions as required, and I suspect you need more in order to deal
> with the fact that we now get labeled traffic on loopback by default
> (thus affecting packet send/recv as well). Venkat, do you have a policy
> patch?
>

Ok, with /selinux/compat_net set to 1, I can go into enforcing mode on
my rhel5 beta 1 targeted system. It's got selinux-policy-2.3.3-22.

The first time I tried the same thing on my fc6/mls system it killed all
my network sessions. The second time I tried it my established sessions
stayed up but the mouse quit working. This system has
selinux-policy-mls-2.3.16-6.

-- ljk
