fedora-selinux August 2010 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: netif labelling

netif labelling

From: Mr Dash Four <mr.dash.four_at_nospam>
Date: Sat Aug 28 2010 - 22:26:41 GMT
To: selinux@lists.fedoraproject.org

I am trying to restrict an application I have installed to have access
to a specific network interface only (tun0).

Are all network interfaces labelled 'automatically' by SELinux with
'netif_xx_t' or do I have to label them manually from the policy file?
If I have to do that manually is it done with the network_interface(...)
macro?

Also, if I relabel the interface would I have to amend all other
policies for applications which need access to that interface
(applications which use the 'generic' naming - netif_t) or is this not
necessary?

I've seen there is a macro in corenetwork.if.in called
'corenet_all_recvfrom_labelled' - is that macro allowing me to receive
packets from labelled interface?

Thanks in advance!
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux