[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-netdev
Subject:    Re: Is TCP over IPsec broken in 2.6.18?
From:       James Morris <jmorris () namei ! org>
Date:       2006-09-30 14:44:31
Message-ID: Pine.LNX.4.64.0609301044090.26813 () d ! namei
[Download RAW message or body]

On Sat, 30 Sep 2006, Evgeniy Polyakov wrote:

> On Sat, Sep 30, 2006 at 10:36:29AM -0400, James Morris (jmorris@namei.org) wrote:
> > On Sat, 30 Sep 2006, Evgeniy Polyakov wrote:
> > 
> > > I need to cofirm that broken system in my setup does have selinux enabled 
> > > with enforcing mode.
> > > I've changed it to permissive mode and it fixed setup (I do not see any 
> > > warnings in dmesg).
> > 
> > Something better in your case would likely be to rebuild the kernel with 
> > CONFIG_SECURITY_NETWORK_XFRM=n until it's fixed.
> 
> Well, it is acrypto test machine and I do not care about security there,
> so I can even disable selinux completely, but it will not help to resolve
> the issue, right?

Yes, it is a workaround.

> 
> So if you have some patches I'm more than happy to test them.

Ok, coming soon.


-- 
James Morris
<jmorris@namei.org>
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]