Hello,
I am new with selinux and I have a problem:
My system: Fedora Core 5, FC5 - 2.6.16-1.2122 SMP
I am trying to set communication policies between two machines and I am
using the set of commands implemented by ipsec-tools.
I am running the command: setkey -v -f set.conf
Contents of the file set.conf (it had more things at the beginning but I
reduced it while looking for the cause of the error):
flush;
spdflush;
spdadd src dest any -ctx 1 1 "user_u:object_r:user_t" -P out ipsec
esp/transport//require ;
I always receive the same output at the end: "Invalid Argument".
sadb_msg{ version=2 type=9 errno=0 satype=0
len=2 reserved=0 seq=0 pid=16090
sadb_msg{ version=2 type=9 errno=0 satype=0
len=2 reserved=0 seq=0 pid=16090
sadb_msg{ version=2 type=19 errno=0 satype=0
len=2 reserved=0 seq=0 pid=16090
sadb_msg{ version=2 type=19 errno=0 satype=0
len=2 reserved=0 seq=0 pid=16090
sadb_msg{ version=2 type=14 errno=0 satype=0
len=16 reserved=0 seq=0 pid=16090
sadb_ext{ len=4 type=18 }
sadb_x_policy{ type=2 dir=2 id=0 priority=2147483648 }
{ len=16 proto=50 mode=1 level=2 reqid=0
}
sadb_ext{ len=3 type=5 }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
82cb2034 }
sadb_ext{ len=3 type=6 }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
82cb2035 }
sadb_ext{ len=4 type=24 }
sadb_x_sec_ctx{ doi=1 alg=1 length=23,
context:user_u:object_r:user_t}
sadb_msg{ version=2 type=14 errno=22 satype=0
len=2 reserved=0 seq=0 pid=16090
The result of line 4: Invalid argument.
I followed the procedure and it looks like the problem is not related to
ipsec-tools but to something in the kernel, because it returns errno=22.
Running the same command without the ctx extension works fine.
Does anyone have any idea?
Thanks,
Sandra
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
