> I don't think I explained it well. I was thinking what if you had this rule: > > -A INPUT -Z cups_t -j ACCEPT > > and then cups was compromised and started listening on port 80. Since the > above rule has no port restrictions and cups is allowed to accept connections, > would cups now be able to start serving web pages? I think the idea was that cups_t is a key into policy so that policy expresses what this iptables rule means, not that the rule says "treat whatever any cups_t process happens to be doing this way". At least, that's the good idea. ;-) Thanks, Roland -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
