[Openswan dev] [RFC 1/1] Labeled IPsec communication

Paul Wouters paul at xelerance.com
Tue Oct 30 18:42:37 EDT 2007


On Tue, 30 Oct 2007, Venkat Yekkirala wrote:

> This patch adds the ability for pluto to negotiate labeled security
> associations (racoon already supports this) for use by SELinux and
> such LSMs.

Thanks for the patch!

> context for inter-operation with racoon, but I would appreciate your
> review and comments.

Please look at proving patches for openswan 2.5.x (git #testing), as the
2.4.x is in maintenance release, and no new features are being added.

Also, like other functionality that not everyone may want, it needs to
be a build option via Makefile.inc, so that it is easy to build with and
without selinux support.

I can pick this up in a few weeks to convert it to 2.5 and to use a
USE_SELINUX= flag, but feel free to send in a newer patch.

Also, we are not very familiar with SElinux. It would be very good to
add various testcases in testing/pluto/ so that we can keep the code
in a working shape.

Paul


More information about the Dev mailing list