[CentOS] openswan and ipsec
Daniel J Walsh
dwalsh at redhat.com
Mon Feb 10 00:24:07 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/08/2014 11:05 PM, Markus Falb wrote:
> # ipsec verify ... If you encounter network related SElinux errors,
> especially when using KLIPS, try disabling SElinux ...
>
> Well, it is not running KLIPS but netkey, anyways I feel not comfortable
> about disabling selinux on a ipsec router.
>
> I am not sure how to handle possible probems in this case, too. If I decide
> not to disable selinux, and I run into problems, should I
>
> a) report it to redhat as a bug, because it is b) disable selinux because
> ipsec is not meant to work with selinux
>
> Maybe just the verify script should be fixed? Maybe I should ask RedHat
> about this, hm. And finally, do you encounter network related SElinux
> errors with IPSec, both 5 and 6?
>
Are you seeing SELinux issues? If so what?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlL4HCcACgkQrlYvE4MpobPvzgCdHHHsbtxbrdbvDxoCp7IKu2nj
AFsAoNei5RfmaSbrBs7PZXO16+vSdp56
=P6bJ
-----END PGP SIGNATURE-----
More information about the CentOS
mailing list