Is there any IPsec-Tools policy available in FC2? - selinux - Fedora mailing-lists

List overview All Threads
Download

Is there any IPsec-Tools policy available in FC2?

Re: Is there any IPsec-Tools...

dhcpd targeted policy

Park Lee

12 Jan 2005 12 Jan '05

10:32 a.m.

Hi, Is there a IPsec-Tools [1] (i.e. racoon, setkey) policy made for SELinux in Fedora Core 2 ?

Thank you.

[1] http://ipsec-tools.sourceforge.net/

===== Best Regards, Park Lee

__________________________________ Do you Yahoo!? The all-new My Yahoo! - What will yours do? http://my.yahoo.com

Reply

Show replies by date

Stephen Smalley

12 Jan 12 Jan

1:55 p.m.

On Wed, 2005-01-12 at 05:32, Park Lee wrote:

Hi, Is there a IPsec-Tools [1] (i.e. racoon, setkey) policy made for SELinux in Fedora Core 2 ?

Thank you.

[1] http://ipsec-tools.sourceforge.net/

Petre posted a racoon policy to the selinux list on Oct 25th, see the mailing list archives. There is also an older ipsec policy already in the policy tree. Note btw that you should be running FC3 rather than FC2 if using SELinux; FC2 is deprecated for SELinux users.

-- Stephen Smalley sds@epoch.ncsc.mil National Security Agency

Reply

petre rodan

7:08 p.m.

Hi,

Park Lee wrote:

Hi, Is there a IPsec-Tools [1] (i.e. racoon, setkey) policy made for SELinux in Fedora Core 2 ?

latest Gentoo policies can be found here:

http://dev.gentoo.org/~kaiowas/policy/gentoo/domains/program/ipsec.te http://dev.gentoo.org/~kaiowas/policy/gentoo/file_contexts/program/ipsec.fc

net_contexts should also contain: ifdef(`ipsec.te', `portcon udp 500 system_u:object_r:isakmp_port_t')

if you tweak the file contexts for Fedora, please also send us the changes.

bye, peter

Thank you.

[1] http://ipsec-tools.sourceforge.net/

===== Best Regards, Park Lee

-- petre rodan kaiowas@gentoo.org Developer, Hardened Gentoo Linux

Reply

Park Lee

8:18 p.m.

On Wed, 12 Jan 2005 at 21:08, petre rodan wrote:

Park Lee wrote:

...
Hi, Is there a IPsec-Tools [1] (i.e. racoon, setkey) policy made for SELinux in Fedora Core 2 ?

latest Gentoo policies can be found here: http://dev.gentoo.org/~kaiowas/policy/gentoo/domains/ program/ipsec.te http://dev.gentoo.org/~kaiowas/policy/gentoo/file_con texts/program/ipsec.fc

net_contexts should also contain: ifdef(`ipsec.te', `portcon udp 500 system_u:object_r:isakmp_port_t')

if you tweak the file contexts for Fedora, please also send us the changes.

I'll try to transform these policies into Fedora Core.

But, I'm not familiar with Gentoo. Would you please tell me what the main difference between the two is? and Is there anything else we should take care of in order to do the job?

Thanks.

===== Best Regards, Park Lee

__________________________________ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail

Reply

7108

Age (days ago)

7108

Last active (days ago)

selinux@lists.fedoraproject.org

3 comments

3 participants

tags (0)

participants (3)

Park Lee
petre rodan
Stephen Smalley