In addition to the patches posted earlier, there are two additional
labeled IPsec patches needed to fix up the SYN-ACK issue.
---
Paul Moore (2):
selinux: look for IPsec labels on both inbound and outbound packets
selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()
security/selinux/hooks.c | 44 ++++++++++++++++++++++++++++------
security/selinux/include/xfrm.h | 8 ++++--
security/selinux/xfrm.c | 51 +++++++++++++++++++++++++++++++--------
3 files changed, 82 insertions(+), 21 deletions(-)
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
