Hi Mark, If interested, there are ietf drafts for labeled ipsec, http://www.ietf.org/internet-drafts/draft-jml-ipsec-ikev1-security-context-00.txt and http://www.ietf.org/internet-drafts/draft-jml-ipsec-ikev2-security-context-00.txt. Also, I'd be happy to help by answering any questions. regards, Joy Latten On Wed, 2009-04-22 at 23:01 -0400, Mark Webb wrote: > I am looking at the IPSec-based labeled networking. > > BTW. I will be at the Tresys Advanced Policy course next week. Is > any of this covered there? > > Thanks, > > On Wed, Apr 22, 2009 at 6:21 PM, Chad Sellers <csellers@xxxxxxxxxx> wrote: > > Josh's article talks about IPSec labeled networking (as well as using > > SECMARK which provides firewall-level networking controls), as opposed to > > Netlabel labeled networking. I played with the IPSec-based stuff in Fedora 9 > > and everything was there, so I'd imagine it's still there in F10. Just make > > sure you install ipsec-tools. > > > > Chad Sellers > > > > > > On 4/22/09 7:26 AM, "Mark Webb" <elihusmails@xxxxxxxxx> wrote: > > > >> I am interested in experimenting with the labeled networking that SE > >> Linux offers. I am reading through Josh Brindle's blog > >> > >> http://securityblog.org/brindle/2007/05/28/secure-networking-with-selinux/ > >> > >> My question is, how do I know if my kernel is capable of supporting > >> this? I am currently running Fedora 10 with all the latest updates > >> but not sure how to check. > >> > >> Also if I compile a kernel from source, is there anything that needs > >> to be done in the configuring of the kernel build to enable the > >> labeled networking? > >> > >> Thanks, > >> Mark > >> > >> -- > >> This message was distributed to subscribers of the selinux mailing list. > >> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with > >> the words "unsubscribe selinux" without quotes as the message. > > > > > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with > the words "unsubscribe selinux" without quotes as the message. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
