On Mon, Oct 16, 2006 at 05:20:46PM -0500, Joy Latten wrote:
> When ipsec policy is specified as:
>
> spdadd 9.3.189.57 9.3.192.210 any
> -ctx 1 1 "system_u:object_r:passwd_t:s3"
> -P out ipsec
> esp/transport//require ah/transport//require;
>
> Since I specified both esp and ah protocols,
> racoon created 4 SAs, 2 for esp and 2 for AH.
> All four SAs created had the following security context:
> security context: root:sysadm_r:ping_t:s0-s15:c0.c1023
> (A ping resulted in the SAs being created.)

Can you try establishing the SA by using a TCP connection instead of ping, for example from a "s2" or "s3" process in this case? Does that make any difference?

-Klaus
