> I'm not very sure how users will use the SPD labeling.  I suspect that
> they will be labeled with probably the other side's domain type.  For
> example, if httpd_t and mozilla_t are connected, the SPD would be
> mozilla_t on the http machine and httpd_t on the mozilla machine.
>

In the simplest case, you would just have a generic "labeled_ipsec_t" Type
that would be specified for all the spd rules that pertain to labeled-ipsec.
All the different domains that need to use labeled-ipsec would then polmatch
to labeled_ipsec_t.

The SAs will always and automatically be using the originating domain Type.
So, the SA from the client to server would be auto-labeled mozilla_t,
rss_aggregator_t, etc. (on both ends), and the SA from the server to client
would be auto-labeled httpd_t (again on both ends).

--
redhat-lspp mailing list
https://www.redhat.com/mailman/listinfo/redhat-lspp
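The arrangement described in the reply above, written out as an added example (not part of the original message or of any shipped policy): one generic SPD type that both domains polmatch against, with the SAs carrying the originating domain's type. The module name, the addresses, and the `system_u:object_r:...:s0` contexts are constructed; the SPD entries in the comments assume the `-ctx` option of ipsec-tools `setkey`, and the `sendto`/`recvfrom` rules assume the standard permissions of the SELinux `association` class.

```selinux
module labeled_ipsec_example 1.0;   # hypothetical module name

require {
    type mozilla_t;
    type httpd_t;
    class association { sendto recvfrom polmatch };
}

# Generic type carried by every SPD rule that pertains to labeled IPsec.
type labeled_ipsec_t;

# SPD entries on the client (192.0.2.10) toward the server (192.0.2.20).
# Addresses are constructed; mirror the in/out directions on the server.
#
#   spdadd 192.0.2.10 192.0.2.20 any
#       -ctx 1 1 "system_u:object_r:labeled_ipsec_t:s0"
#       -P out ipsec esp/transport//require;
#   spdadd 192.0.2.20 192.0.2.10 any
#       -ctx 1 1 "system_u:object_r:labeled_ipsec_t:s0"
#       -P in ipsec esp/transport//require;

# Every domain that needs labeled IPsec polmatches to the generic SPD type.
allow mozilla_t labeled_ipsec_t:association polmatch;
allow httpd_t   labeled_ipsec_t:association polmatch;

# Outbound SAs are auto-labeled with the originating domain's type,
# so each domain sends over an association labeled as itself.
allow mozilla_t self:association sendto;
allow httpd_t   self:association sendto;

# Inbound traffic arrives on the SA labeled with the peer's domain type:
# the server accepts the client->server SA (mozilla_t), and the client
# accepts the server->client SA (httpd_t).
allow httpd_t   mozilla_t:association recvfrom;
allow mozilla_t httpd_t:association recvfrom;
```

With this layout the SPD label only gates who may use labeled IPsec at all; which peers may actually talk to each other is decided by the `recvfrom` rules on the SA labels.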