[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [redhat-lspp] [RFC 0/7] Updated NetLabel patch
- From: Paul Moore <paul moore hp com>
- To: Klaus Weidner <klaus atsec com>
- Cc: redhat-lspp redhat com, sgrubb redhat com, sds epoch ncsc mil, jmorris redhat com
- Subject: Re: [redhat-lspp] [RFC 0/7] Updated NetLabel patch
- Date: Thu, 22 Jun 2006 09:14:58 -0400
On Thursday 22 June 2006 1:34 am, Klaus Weidner wrote:
> On Wed, Jun 21, 2006 at 11:40:59PM -0400, Paul Moore wrote:
> > So, once you boot your kernel you should probably run the following
> > commands before you configure the machine to use CIPSO:
> >
> > # netlabelctl -p mgmt del default
> > # netlabelctl -p unlbl accept off <---- OPTIONAL
> >
> > Let me know if this doesn't solve your problem.
>
> I've tried that - after these commands, it accepts the mgmt command from
> the README without complaining, but I can't get any communication to
> work in enforcing mode even at the same level (all packets dropped?), and
> in nonenforcing mode all connections get accepted even at different
> levels. I must be missing something obvious (maybe the appropriate
> selinux policy)?
Yes, that is it exactly - there is no policy yet to support the NetLabel
stuff ... sorry :/
--
paul moore
linux security @ hp
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]