New commits:
commit 06b3aa7e49c3678cabbaeffa83725bdffc11b685
Author: Kavinda Wewegama <[email protected]>
Date: Sat Feb 27 02:23:20 2021 -0600
pluto: fix bug where an extra SPD entry was created with the incorrect
security label
* SPD entries should only have labels specified in `policy-label` of
connection configurations.
Signed-off-by: Paul Wouters <[email protected]>
commit 88b2c79668a833c0f59211c81136ab8bded11b3b
Author: Paul Wouters <[email protected]>
Date: Sat Feb 27 22:27:53 2021 -0500
pluto: Labeled IPsec: first check exact matching policy before calling
within_range()
The within_range() call otherwise fails in SElinux enforcing mode because
it is
not valid for the policy label configured, only the policy labels that are
constructed from the ACQUIREs obtained.
commit 31ca65bcbfd7c31264babccd2cf26374589e452a
Author: Paul Wouters <[email protected]>
Date: Sat Feb 27 22:27:38 2021 -0500
testing: labeled ipsec test updates
commit 8a18bda6eb0b6d0c97594bf4acf0b7f06a115e63
Author: Kavinda Wewegama <[email protected]>
Date: Sat Feb 27 01:24:16 2021 -0600
pluto: simplify security label check logic per code review feedback
Signed-off-by: Paul Wouters <[email protected]>
commit d53918c5f51fbb32500ae4a897001c38e889ea50
Author: Kavinda Wewegama <[email protected]>
Date: Thu Feb 25 21:11:12 2021 -0600
pluto: address code review comments
Signed-off-by: Paul Wouters <[email protected]>
commit 441691e3a5398cf5723fa7f6dbb27c1d7482c604
Author: Kavinda Wewegama <[email protected]>
Date: Tue Feb 23 19:02:19 2021 -0600
pluto: fix IKEv2 labeled IPsec issues at Responder
* Use the TS_SECLABEL security label arriving from the Initiator for the
child/IPsec SA instead of the `policy-label` from the connection
configuration.
Signed-off-by: Paul Wouters <[email protected]>
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
