<SNIP>

> There are 2 aspects:
>
> 1. IPsec policy matching discussed above:
> allow domain-that-should-use-labeled-ipsec
> ipsec_spd_t:association { polmatch };
>
> 2. Use of IPsec associations themselves:
>
> For sending:
> allow
> domain-that-should-use-labeled-ipsec-to-label-its-packets
> self:association { sendto };
>
> For receiving:
> allow domain-that-should-received-from-peer peer-domain
> self:association { recvfrom };

If you ignore the typos in the above rule, it would be:

allow domain-that-should-receive-from-peer peer-domain:association { recvfrom };

<snip>