|Main Archive Page > Month Archives > fedora-selinux archives|
I am trying to restrict an application I have installed to have access
to a specific network interface only (tun0).
Are all network interfaces labelled 'automatically' by SELinux with
'netif_xx_t' or do I have to label them manually from the policy file?
If I have to do that manually is it done with the network_interface(...)
Also, if I relabel the interface would I have to amend all other
policies for applications which need access to that interface
(applications which use the 'generic' naming - netif_t) or is this not
I've seen there is a macro in corenetwork.if.in called
'corenet_all_recvfrom_labelled' - is that macro allowing me to receive
packets from labelled interface?
Thanks in advance!
-- selinux mailing list firstname.lastname@example.org https://admin.fedoraproject.org/mailman/listinfo/selinux