[CentOS] openswan and ipsec

Mon Feb 10 00:24:07 UTC 2014
Daniel J Walsh <dwalsh at redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/08/2014 11:05 PM, Markus Falb wrote:
> # ipsec verify ... If you encounter network related SElinux errors,
> especially when using KLIPS, try disabling SElinux ...
> 
> Well, it is not running KLIPS but netkey, anyways I feel not comfortable
> about disabling selinux on a ipsec router.
> 
> I am not sure how to handle possible probems in this case, too. If I decide
> not to disable selinux, and I run into problems, should I
> 
> a) report it to redhat as a bug, because it is b) disable selinux because
> ipsec is not meant to work with selinux
> 
> Maybe just the verify script should be fixed? Maybe I should ask RedHat
> about this, hm. And finally, do you encounter network related SElinux
> errors with IPSec, both 5 and 6?
> 
Are you seeing SELinux issues? If so what?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlL4HCcACgkQrlYvE4MpobPvzgCdHHHsbtxbrdbvDxoCp7IKu2nj
AFsAoNei5RfmaSbrBs7PZXO16+vSdp56
=P6bJ
-----END PGP SIGNATURE-----