New commits: commit 06b3aa7e49c3678cabbaeffa83725bdffc11b685 Author: Kavinda Wewegama <kavinda.weweg...@forcepointgov.com> Date: Sat Feb 27 02:23:20 2021 -0600
pluto: fix bug where an extra SPD entry was created with the incorrect security label * SPD entries should only have labels specified in `policy-label` of connection configurations. Signed-off-by: Paul Wouters <pwout...@redhat.com> commit 88b2c79668a833c0f59211c81136ab8bded11b3b Author: Paul Wouters <pwout...@redhat.com> Date: Sat Feb 27 22:27:53 2021 -0500 pluto: Labeled IPsec: first check exact matching policy before calling within_range() The within_range() call otherwise fails in SElinux enforcing mode because it is not valid for the policy label configured, only the policy labels that are constructed from the ACQUIREs obtained. commit 31ca65bcbfd7c31264babccd2cf26374589e452a Author: Paul Wouters <pwout...@redhat.com> Date: Sat Feb 27 22:27:38 2021 -0500 testing: labeled ipsec test updates commit 8a18bda6eb0b6d0c97594bf4acf0b7f06a115e63 Author: Kavinda Wewegama <kavinda.weweg...@forcepointgov.com> Date: Sat Feb 27 01:24:16 2021 -0600 pluto: simplify security label check logic per code review feedback Signed-off-by: Paul Wouters <pwout...@redhat.com> commit d53918c5f51fbb32500ae4a897001c38e889ea50 Author: Kavinda Wewegama <kavinda.weweg...@forcepointgov.com> Date: Thu Feb 25 21:11:12 2021 -0600 pluto: address code review comments Signed-off-by: Paul Wouters <pwout...@redhat.com> commit 441691e3a5398cf5723fa7f6dbb27c1d7482c604 Author: Kavinda Wewegama <kavinda.weweg...@forcepointgov.com> Date: Tue Feb 23 19:02:19 2021 -0600 pluto: fix IKEv2 labeled IPsec issues at Responder * Use the TS_SECLABEL security label arriving from the Initiator for the child/IPsec SA instead of the `policy-label` from the connection configuration. Signed-off-by: Paul Wouters <pwout...@redhat.com> _______________________________________________ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit