Mr Dash Four wrote:
I am trying to restrict an application I have installed to have access
to a specific network interface only (tun0).
Are all network interfaces labelled 'automatically' by SELinux with
'netif_xx_t' or do I have to label them manually from the policy file?
If I have to do that manually, is it done with the network_interface(...)
macro?
Also, if I relabel the interface would I have to amend all other
policies for applications which need access to that interface
(applications which use the 'generic' naming - netif_t) or is this not
necessary?
I've seen there is a macro in corenetwork.if.in called
'corenet_all_recvfrom_labelled' - is that macro allowing me to receive
packets from a labelled interface?
Thanks in advance!
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
I just wanted to note that I have had much more difficulty knowing if I
have control over my network devices since the 2.6.30 kernel. Network
control (Internet) is the only reason I use SELinux. If there is new
and improved documentation for the usage of the network controls, I
would greatly appreciate knowing about it.
-Ken-