Hi Venkat, I have been using old kernel, my apologies. I have updated to 52 kernel and will retry my test efforts. I am running in permissive. I will let you know if I see anything unusual.
Regards, Joy On Tue, 2006-10-17 at 14:00 -0500, Venkat Yekkirala wrote: > Hi Joy, > > Could you please tell me if you have the secid patches > on your kernel. I ask because that's what has got the > change where an SA gets the label from the creating > socket/flow. > > As for the MLS portion, it should be whatever level ping is > running at. Also, are you running in permissive? > > Thanks, > > venkat > > PS: Sorry I seem to have missed your past query on this. > > > -----Original Message----- > > From: Joy Latten [mailto:[EMAIL PROTECTED] > > Sent: Monday, October 16, 2006 5:21 PM > > To: [EMAIL PROTECTED] > > Cc: [email protected] > > Subject: [redhat-lspp] using ah and esp protocols in ipsec > > > > > > Paul, > > > > When ipsec policy is specified as: > > > > spdadd 9.3.189.57 9.3.192.210 any > > -ctx 1 1 "system_u:object_r:passwd_t:s3" > > -P out ipsec > > esp/transport//require ah/transport//require; > > > > Since I specified both esp and ah protocols, > > racoon created 4 SAs, 2 for esp and 2 for AH. > > All four SAs created had the following security context: > > security context: root:sysadm_r:ping_t:s0-s15:c0.c1023 > > (A ping resulted in the SAs being created.) > > > > Hope this helps. Let me know if there is anything else I > > can help with. > > > > Regards, > > Joy > > > > -- > > redhat-lspp mailing list > > [email protected] > > https://www.redhat.com/mailman/listinfo/redhat-lspp > > -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
