On Oct 11, 2006, at 10:36 AM, Paul Moore wrote:
Joe Nall wrote:
If the secid reconciliation patches don't make RH5, will localhost
IP connections have MLS policy applied?
Just a second while I get my dead-horse-beating-mallets out of my
desk drawer
... there we go.
NetLabel, which *should* be present in RHEL5 with full support,
works without
problem over localhost. This means that, if NetLabel is configured
for the
sending domain, packets sent to/over/through the localhost
interface will carry
MLS attributes and will have MLS policy applied as one would expect.
For 240 of the 1024 categories in the current policy :)
Netlabel/CIPSO is great for talking to other operating systems, but
if it the _only_ mechanism to label local IP sockets, we have a problem.
joe
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
