1 |
Well, actually the ipsec policy will be removed (among a couple others) |
2 |
from the next release of selinux-base-policy (which will hopefully be |
3 |
today). There are two reasons for for its removal. The idea behind |
4 |
selinux-base-policy is to have only the policy needed to run the system |
5 |
when you reach the end of installing your system, i.e. stage3 plus |
6 |
syslog, cron, etc. The second reason is that its simply untested. The |
7 |
reason its was there in the first place is that we based our initial |
8 |
base policy on the NSA's example policy, which has the ipsec policy. |
9 |
|
10 |
With that being said, I certainly would be interested in seeing a |
11 |
working ipsec policy. Maybe the NSA's ipsec policy works already. |
12 |
*shrugs* |
13 |
|
14 |
On Tue, 2003-06-03 at 04:21, Peter Simons wrote: |
15 |
> I was wondering: Has anyone tried to run IPsec (FreeS/WAN) on a |
16 |
> SELinux system already? I see there are IPsec-related entries in the base |
17 |
> policy, but the FreeS/WAN package doesn't come with any |
18 |
> SELinux-specific patches. That's what made me suspicious. :-) |
19 |
-- |
20 |
Chris PeBenito |
21 |
<pebenito@g.o> |
22 |
Developer, SELinux |
23 |
Hardened Gentoo Linux |
24 |
|
25 |
"Engineering does not require science. Science helps |
26 |
a lot, but people built perfectly good brick walls |
27 |
long before they knew why cement works."-Alan Cox |
28 |
|
29 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
30 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |