[redhat-lspp] Xinetd patches for selinux context configuration

Paul Moore paul.moore at hp.com
Wed Nov 29 22:13:54 UTC 2006


James Antill wrote:
> On Wed, 2006-11-29 at 16:32 -0500, Stephen Smalley wrote:
> 
>>I'm not sure the approach is quite workable yet either - if you
>>configure xinetd to use labeled networking but the incoming connection
>>is coming from a host that doesn't support it, getpeercon() will fail
>>and you need to gracefully deal with it (e.g. fall back to some default,
>>possibly based on the client machine's address).
> 
>  Isn't this exactly what netlabel is for? Do we really want to duplicate
> that for each daemon?

NetLabel is a method of explicit labeled networking, i.e. it sends security
attributes with each packet that both hosts must understand.

-- 
paul moore
linux security @ hp
