[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Adding local nodecons
- From: Christian Kuester <kuester cs uni-bonn de>
- To: fedora-selinux-list redhat com
- Subject: Re: Adding local nodecons
- Date: Wed, 02 Jul 2008 16:32:44 +0200
Stephen Smalley schrieb:
>> I'm using Fedora 8 and would like to put types on various nodes.
>> What would be the best way to do it since semanage seems to support
>> doing nodecons on specific nodes.
>>
> I don't believe this is presently supported by semanage, although the
> libsemanage infrastructure exists.
>
I've seen a older discussion on the NSA-SELinux mailinglist about that.
The patch
for semanage wasn't commited though.
> However, I think what you likely want is to use secmark instead.
> http://james-morris.livejournal.com/11010.htm
Interesting article. Perhaps I could use this instead of nodecon but it
seems much more
complex than that. The only thing I want to accomplish is to have a way
to restrict
node_binds, so that specific programs can only open sockets on 127.0.0.1
(f.i.).
Kind regards,
Chris
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]