# ipsec verify ... If you encounter network related SElinux errors, especially when using KLIPS, try disabling SElinux ... Well, it is not running KLIPS but netkey, anyways I feel not comfortable about disabling selinux on a ipsec router. I am not sure how to handle possible probems in this case, too. If I decide not to disable selinux, and I run into problems, should I a) report it to redhat as a bug, because it is b) disable selinux because ipsec is not meant to work with selinux Maybe just the verify script should be fixed? Maybe I should ask RedHat about this, hm. And finally, do you encounter network related SElinux errors with IPSec, both 5 and 6? -- Kind Regards, Markus
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/08/2014 11:05 PM, Markus Falb wrote:> # ipsec verify ... If you encounter network related SElinux errors, > especially when using KLIPS, try disabling SElinux ... > > Well, it is not running KLIPS but netkey, anyways I feel not comfortable > about disabling selinux on a ipsec router. > > I am not sure how to handle possible probems in this case, too. If I decide > not to disable selinux, and I run into problems, should I > > a) report it to redhat as a bug, because it is b) disable selinux because > ipsec is not meant to work with selinux > > Maybe just the verify script should be fixed? Maybe I should ask RedHat > about this, hm. And finally, do you encounter network related SElinux > errors with IPSec, both 5 and 6? >Are you seeing SELinux issues? If so what? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlL4HCcACgkQrlYvE4MpobPvzgCdHHHsbtxbrdbvDxoCp7IKu2nj AFsAoNei5RfmaSbrBs7PZXO16+vSdp56 =P6bJ -----END PGP SIGNATURE-----