
Re: Firewall rules using SELinux context (Was Re: RFE: FireKit)



On Fri, Jul 24, 2009 at 18:08:55 -0400,
  Simo Sorce <ssorce redhat com> wrote:
> On Fri, 2009-07-24 at 17:44 -0400, Simo Sorce wrote:
> > 
> > now if you allow to apply application labels to packets then you could
> > say that packets directed to 8080 are labeled squid_t and not apache_t
> > and that would make quite a difference.
> > 
> > It would prevent a rogue apache that gets to listen to 8080 to get any
> > packet as they would be labeled squid_t which is not apache_t.
> 
> Sorry Bruno,
> after re-reading what you said I think we meant basically the same
> thing.

The above is how I think the feature is supposed to work. I haven't
actually tried it though.

