Description of problem: The NetLabel and IPsec management tools fail to start at boot due to problems with the MLS policy. The IPsec problems have been discussed on the SELinux mailing list: * http://marc.theaimsgroup.com/?t=117346104800002&r=1&w=2 * http://marc.theaimsgroup.com/?t=117346081500003&r=1&w=2 A series of patches have been posted to the SELinux mailing list which addresses these problems: * http://marc.theaimsgroup.com/?l=selinux&m=117347274928694&w=2 Version-Release number of selected component (if applicable): selinux-policy-mls-2.4.6-30.el5 How reproducible: Every time Steps to Reproduce: 1. Configure NetLabel and/or IPsec to start at boot time 2. Boot the system Actual results: See the above mailing list links for detail Expected results: The system is configured as expected Additional info: This is directly related the LSPP certification efforts of Red Hat, HP, and IBM.
Patches applied to selinux-policy-2.4.6-45
I just tested selinux-policy-2.4.6-45 and can verify that it does solve the problems described in this bug report.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0544.html