Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 | netdev

(off-list ancestor, not in this archive)
Re: Is TCP over IPsec broken in 2.6.18? · Herbert Xu <herbert@gondor.apana.org.au> · 2006-09-25
Re: Is TCP over IPsec broken in 2.6.18? · Evgeniy Polyakov <hidden> · 2006-09-25
Re: Is TCP over IPsec broken in 2.6.18? · jamal <hidden> · 2006-09-25
Re: Is TCP over IPsec broken in 2.6.18? · James Morris <jmorris@namei.org> · 2006-09-30
Re: Is TCP over IPsec broken in 2.6.18? · James Morris <jmorris@namei.org> · 2006-09-30
Re: Is TCP over IPsec broken in 2.6.18? · James Morris <jmorris@namei.org> · 2006-09-30
Re: Is TCP over IPsec broken in 2.6.18? · Evgeniy Polyakov <hidden> · 2006-09-30
Re: Is TCP over IPsec broken in 2.6.18? · James Morris <jmorris@namei.org> · 2006-09-30
Re: Is TCP over IPsec broken in 2.6.18? · Evgeniy Polyakov <hidden> · 2006-09-30
Re: Is TCP over IPsec broken in 2.6.18? · Evgeniy Polyakov <hidden> · 2006-09-30
Re: Is TCP over IPsec broken in 2.6.18? · James Morris <jmorris@namei.org> · 2006-09-30
[PATCH] Fix for IPsec leakage with SELinux enabled · James Morris <jmorris@namei.org> · 2006-10-01
Re: [PATCH] Fix for IPsec leakage with SELinux enabled · Evgeniy Polyakov <hidden> · 2006-10-02
Re: [PATCH] Fix for IPsec leakage with SELinux enabled · James Morris <jmorris@namei.org> · 2006-10-02
Re: [PATCH] Fix for IPsec leakage with SELinux enabled · Evgeniy Polyakov <hidden> · 2006-10-02
Re: [PATCH] Fix for IPsec leakage with SELinux enabled · James Morris <jmorris@namei.org> · 2006-10-02
[PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · James Morris <jmorris@namei.org> · 2006-10-02
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · Evgeniy Polyakov <hidden> · 2006-10-02
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · James Morris <jmorris@namei.org> · 2006-10-02
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · Evgeniy Polyakov <hidden> · 2006-10-02
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · James Morris <jmorris@namei.org> · 2006-10-02
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · Evgeniy Polyakov <hidden> · 2006-10-04
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · James Morris <jmorris@namei.org> · 2006-10-04
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · David Miller <davem@davemloft.net> · 2006-10-03
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · James Morris <jmorris@namei.org> · 2006-10-04
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · Herbert Xu <herbert@gondor.apana.org.au> · 2006-10-04
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · James Morris <jmorris@namei.org> · 2006-10-05
Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · David Miller <davem@davemloft.net> · 2006-10-05

Re: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02

From: James Morris <jmorris@namei.org>
Date: 2006-10-04 01:33:19

Possibly related (same subject, not in this thread)

2006-10-04 · RE: [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 · Venkat Yekkirala <hidden>

On Tue, 3 Oct 2006, David Miller wrote:

I'm not saying either is wrong, I'm just pointing it out to make sure
this is intentional.

The socket policy behavior deserves some scrutiny.  I say this because
if a matching socket policy is avoided due to security layer error,
this could potentially make key manager problems very hard to
diagnose.

Yep, the code needs to be reworked in general (Venkat is doing this).



- James
-- 
James Morris
[off-list ref]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help