[redhat-lspp] Labeling an interface

Joe Nall joe at nall.com
Thu May 31 18:12:45 UTC 2007


On May 31, 2007, at 12:15 PM, Stephen Smalley wrote:

> On Thu, 2007-05-31 at 10:58 -0500, Joe Nall wrote:
>> I would like to label an ethernet interface so that all of the
>> inbound connections are labeled with a range.
>>
>> semanage interface -a -t netif_t --range S-S eth1
>>
>> succeeds, but getpeercon fails with "Protocol not available"
>>
>> Is there any way to do this with what is in evaluation?
>
> getpeercon() only returns a context if a labeled networking mechanism
> was used; we don't implicitly convey the netif label or secmark label
> to it.  So if you want a default labeling behavior, that has to be done
> in your application, e.g. the application would fall back to some
> default if getpeercon() failed.

Can you point me at the API to query the netif label?

joe



