Hey Antony, thanks for your reply, sorry for such a delayed answer,
please see my inline comments...
On 05/11/2016 09:21 PM, Antony Antony wrote:
> Hi Ondrej,
> here is a quick response. Do you still have the system where you followed the
> steps in [1]?
>
> On Wed, May 11, 2016 at 01:42:37PM +
Hi Andrew,
On 05/12/2016 05:01 PM, Andrew Cagney wrote:
> Here's a brain dump:
>
> - yes 9p is isn't reliable, and it seems to be getting worse; I really
> wonder about eliminating 9p and using copy/rsync/clone instead, this
> might fit better with docker
Well, that would mean introducing some a
Hi Ondrej,
I am still on F22:) ikev2-37-docker-rw works for me on F22.
A quick workaround for the 0/0 problem could the patch below.
Remember the workaround will cause the test to fail for cosmetic reasons.
However you can check the actual output file to see ping etc works.
less OUTPUT/road.con
Ondrej,
I just tested a patch on testing.libreswan.org, which is a FC23 host and docker
instance is also FC23.
Here is a better patch that will run on FC23 and ikev2-37-docker-rw will pass.
I am using pipework to create extra interfaces and bridge eth0 to the right
bridge.
AFIK docker does no
On Sun, 15 May 2016, Antony Antony wrote:
My understanding is klips is not namespace aware?
I don't have a detailed answer how to make protostack=klips work under docker.
The module is loaded on the host. All instances share the same module.
Antony is right. And I think we do not want to inves
On Sun, 15 May 2016, Ondrej Moris wrote:
Off-topic - are you runnig test suite executed in FIPS mode? If not, are
you interested in that? There would probably be tons of both true and
false positives though. And I am very very doubtful about FIPS in
Fedora. OTOH it might be doable in RHEL...
O
On 05/15/2016 08:09 PM, Paul Wouters wrote:
> On Sun, 15 May 2016, Ondrej Moris wrote:
>
>> Off-topic - are you runnig test suite executed in FIPS mode? If not, are
>> you interested in that? There would probably be tons of both true and
>> false positives though. And I am very very doubtful abou
On Sun, 15 May 2016, Ondrej Moris wrote:
Our problem was that we couldn't easilly add fips=1 on a per-test basis
to the VM. Similarly, we need a MLS on/off method so we can run the MLS
labeled ipsec tests. We might be able to virt-install a FIPS and
FIPS+MLS image, eg east-fips, west-fips, and t
