So, i just remove ipv6 support from system and this programm using ipv4 loopback with normal label processing now :) Bug reported https://bugzilla.redhat.com/show_bug.cgi?id=963427
On Wed, May 15, 2013 at 5:48 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
On Wednesday, May 15, 2013 11:57:34 AM vlad halilov wrote:CIPSO is an IPv4-only protocol, CALIPSO/RFC5570 is a similar protocol for IPv6
> Hello guyz. Is any way to mark traffic for ipv6 loopback interface as
> 'cipso'?
but unfortunately I have not yet finished its Linux/SELinux implementation.
On RHEL6.4 if you want to use labeled networking for IPv6 addresses you can
either use the NetLabel static/fallback labeling or labeled IPsec (yes, you
can use IPsec over loopback with some tweaking, but it is not an ideal
solution).
Ouch, that's not good. I'll take a look at that, but since this is on RHEL6.4
> p.s. btw, i tried to make something fool action, like 'netlabelctl map add
> default address:::/128 protocol:cipsov4,32' and get kernel bug .. :) is
> these result need to be reported or no?
I would highly recommend you file a bug with the Red Hat's Bugzilla.
* http://bugzilla.redhat.com
--
paul moore
www.paul-moore.com
