On Monday 16 October 2006 7:56 pm, Klaus Weidner wrote:
> On Mon, Oct 16, 2006 at 05:20:46PM -0500, Joy Latten wrote:
> > When ipsec policy is specified as:
> >
> > spdadd 9.3.189.57 9.3.192.210 any
> > -ctx 1 1 "system_u:object_r:passwd_t:s3"
> > -P out ipsec
> > esp/transport//require ah/transport//require;
> >
> > Since I specified both esp and ah protocols,
> > racoon created 4 SAs, 2 for esp and 2 for AH.
> > All four SAs created had the following security context:
> > security context: root:sysadm_r:ping_t:s0-s15:c0.c1023
> > (A ping resulted in the SAs being created.)
>
> Can you try establishing the SA by using a TCP connection instead of
> ping, for example from a "s2" or "s3" process in this case? Does that
> make any difference?

Another, sorta related concern, is the wrong SA still being used for
getpeercon()? If so that should probably be a bugzilla too.

--
paul moore
linux security @ hp

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
