Ohhhhh ... I see your point now. The mere fact that I've called domain_type(brindle_client_t) may give me ipsec_labeled(domain) for free. I'll look into that. Thank you!!! > -----Original Message----- > From: Joy Latten [mailto:latten@xxxxxxxxxxxxxx] > Sent: Friday, February 15, 2008 5:41 PM > To: Clarkson, Mike R (US SSA) > Cc: selinux@xxxxxxxxxxxxx > Subject: RE: Brindle example of labeled IPSec > > >I agree with everything that you've mentioned above, the only problem > >being that my brindle_client and brindle_server modules didn't call the > >ipsec_labeled interface. That's why I'm confused as to why it is > >working. It shouldn't be working. > > It's been a while and I don't have the policy in front of me, > so others may be better able to answer this... > The base reference policy (when using mls) contains this rule. It has a > rule, ipsec_labeled(domain). > > > regards, > Joy -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
