[redhat-lspp] Re: RHEL5 Kernel with labeled networking
Eric Paris
eparis at parisplace.org
Tue Oct 3 15:45:56 UTC 2006

On Tue, 2006-10-03 at 11:34 -0400, Linda Knippers wrote:
> Eric,
>
> I've booted your kernel on the following systems:
>
> ia64 box running rhel5 beta 1 targeted policy
> x86 box running fc6t2 mls policy
>
> I don't have any labeled networking specifically configured.
>
> Networking only works in permissive mode. If I put either system
> in enforcing mode, I can't ping, bring up X, or do anything.
>
> Are there some policy changes that are needed? Seems like by default
> everything should work like it did before?
>
> -- ljk

I think there is going to need to be a policy change that I'm actually
talking with Dan about as I type this e-mail. I think we need

    allow $1 unlabeled_t:packet { flow_in flow_out };

to be added to policy to allow things to work as they did. I'll post
again as soon as we have a policy that appears to let normal networking
work in enforcing.

-Eric