Hi Joy, Could you please tell me if you have the secid patches on your kernel. I ask because that's what has got the change where an SA gets the label from the creating socket/flow.
As for the MLS portion, it should be whatever level ping is running at. Also, are you running in permissive? Thanks, venkat PS: Sorry I seem to have missed your past query on this. > -----Original Message----- > From: Joy Latten [mailto:[EMAIL PROTECTED] > Sent: Monday, October 16, 2006 5:21 PM > To: [EMAIL PROTECTED] > Cc: [email protected] > Subject: [redhat-lspp] using ah and esp protocols in ipsec > > > Paul, > > When ipsec policy is specified as: > > spdadd 9.3.189.57 9.3.192.210 any > -ctx 1 1 "system_u:object_r:passwd_t:s3" > -P out ipsec > esp/transport//require ah/transport//require; > > Since I specified both esp and ah protocols, > racoon created 4 SAs, 2 for esp and 2 for AH. > All four SAs created had the following security context: > security context: root:sysadm_r:ping_t:s0-s15:c0.c1023 > (A ping resulted in the SAs being created.) > > Hope this helps. Let me know if there is anything else I > can help with. > > Regards, > Joy > > -- > redhat-lspp mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/redhat-lspp > -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
