On Mon, 2006-10-16 at 18:56 -0500, Klaus Weidner wrote:
> On Mon, Oct 16, 2006 at 05:20:46PM -0500, Joy Latten wrote:
> > When ipsec policy is specified as:
> >
> > spdadd 9.3.189.57 9.3.192.210 any
> > -ctx 1 1 "system_u:object_r:passwd_t:s3"
> > -P out ipsec
> > esp/transport//require ah/transport//require;
> >
> > Since I specified both esp and ah protocols,
> > racoon created 4 SAs, 2 for esp and 2 for AH.
> > All four SAs created had the following security context:
> > security context: root:sysadm_r:ping_t:s0-s15:c0.c1023
> > (A ping resulted in the SAs being created.)
>
> Can you try establishing the SA by using a TCP connection instead of
> ping, for example from a "s2" or "s3" process in this case? Does that
> make any difference?
>
This morning I realized I was using Eric's kernel and had not updated to
Steve's latest 52 kernel. So I downloaded and installed 52 kernel and now
cannot get labeled or non-labeled ipsec to work at all. Let me figure out
what I am doing wrong and then I'll try and answer your question.

Joy

--
redhat-lspp mailing list
https://www.redhat.com/mailman/listinfo/redhat-lspp
