[Swan-commit] Changes to ref refs/heads/main

Paul Wouters paul at vault.libreswan.fi
Sun Feb 28 03:41:41 UTC 2021


New commits:
commit 06b3aa7e49c3678cabbaeffa83725bdffc11b685
Author: Kavinda Wewegama <kavinda.wewegama at forcepointgov.com>
Date:   Sat Feb 27 02:23:20 2021 -0600

    pluto: fix bug where an extra SPD entry was created with the incorrect security label
    
    * SPD entries should only have labels specified in `policy-label` of
      connection configurations.
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 88b2c79668a833c0f59211c81136ab8bded11b3b
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 27 22:27:53 2021 -0500

    pluto: Labeled IPsec: first check exact matching policy before calling within_range()
    
    The within_range() call otherwise fails in SElinux enforcing mode because it is
    not valid for the policy label configured, only the policy labels that are
    constructed from the ACQUIREs obtained.

commit 31ca65bcbfd7c31264babccd2cf26374589e452a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Sat Feb 27 22:27:38 2021 -0500

    testing: labeled ipsec test updates

commit 8a18bda6eb0b6d0c97594bf4acf0b7f06a115e63
Author: Kavinda Wewegama <kavinda.wewegama at forcepointgov.com>
Date:   Sat Feb 27 01:24:16 2021 -0600

    pluto: simplify security label check logic per code review feedback
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit d53918c5f51fbb32500ae4a897001c38e889ea50
Author: Kavinda Wewegama <kavinda.wewegama at forcepointgov.com>
Date:   Thu Feb 25 21:11:12 2021 -0600

    pluto: address code review comments
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>

commit 441691e3a5398cf5723fa7f6dbb27c1d7482c604
Author: Kavinda Wewegama <kavinda.wewegama at forcepointgov.com>
Date:   Tue Feb 23 19:02:19 2021 -0600

    pluto: fix IKEv2 labeled IPsec issues at Responder
    
    * Use the TS_SECLABEL security label arriving from the Initiator for the
      child/IPsec SA instead of the `policy-label` from the connection
      configuration.
    
    Signed-off-by: Paul Wouters <pwouters at redhat.com>



More information about the Swan-commit mailing list