selinux June 2013 archive
Main Archive Page > Month Archives  > selinux archives
selinux: Re: xt_SECMARK and "unable to map security context

Re: xt_SECMARK and "unable to map security context 'httpcontext'" error

From: Joshua Brindle <brindle_at_nospam>
Date: Tue Jun 04 2013 - 15:22:40 GMT
To: Kevin Wilson <wkevils@gmail.com>

On Tue, Jun 4, 2013 at 11:04 AM, Kevin Wilson <wkevils@gmail.com> wrote:
> Hi,
> I tried this:
>
> modprobe xt_SECMARK
> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j SECMARK --selctx
> httpcontext

You would need a full SELinux context here, such as
system_u:object_r:http_packet_t:s0, and you'd need to ensure that the
label actually exists in your policy.

> and got:
> iptables: No chain/target/match by that name.
>
>
> Kernel log says:
> localhost kernel: [ 491.321048] xt_SECMARK: unable to
> map security context 'httpcontext'
>
> Any ideas what should I do to enable this rule?
>
> regards,
> Kevin
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.

-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.