| 1 |
Well, actually the ipsec policy will be removed (among a couple others) |
| 2 |
from the next release of selinux-base-policy (which will hopefully be |
| 3 |
today). There are two reasons for for its removal. The idea behind |
| 4 |
selinux-base-policy is to have only the policy needed to run the system |
| 5 |
when you reach the end of installing your system, i.e. stage3 plus |
| 6 |
syslog, cron, etc. The second reason is that its simply untested. The |
| 7 |
reason its was there in the first place is that we based our initial |
| 8 |
base policy on the NSA's example policy, which has the ipsec policy. |
| 9 |
|
| 10 |
With that being said, I certainly would be interested in seeing a |
| 11 |
working ipsec policy. Maybe the NSA's ipsec policy works already. |
| 12 |
*shrugs* |
| 13 |
|
| 14 |
On Tue, 2003-06-03 at 04:21, Peter Simons wrote: |
| 15 |
> I was wondering: Has anyone tried to run IPsec (FreeS/WAN) on a |
| 16 |
> SELinux system already? I see there are IPsec-related entries in the base |
| 17 |
> policy, but the FreeS/WAN package doesn't come with any |
| 18 |
> SELinux-specific patches. That's what made me suspicious. :-) |
| 19 |
-- |
| 20 |
Chris PeBenito |
| 21 |
<pebenito@g.o> |
| 22 |
Developer, SELinux |
| 23 |
Hardened Gentoo Linux |
| 24 |
|
| 25 |
"Engineering does not require science. Science helps |
| 26 |
a lot, but people built perfectly good brick walls |
| 27 |
long before they knew why cement works."-Alan Cox |
| 28 |
|
| 29 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
| 30 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
Archives