Re: Firewall rules using SELinux context (Was Re: RFE: FireKit)


 



On Fri, Jul 24, 2009 at 16:55:23 -0400,
  Steve Grubb <sgrubb@xxxxxxxxxx> wrote:
> 
> I don't think I explained it well. I was thinking what if you had this rule:
> 
> -A INPUT -Z cups_t -j ACCEPT
> 
> and then cups was compromised and started listening on port 80. Since the 
> above rule has no port restrictions and cups is allowed to accept connections, 
> would cups now be able to start serving web pages?

I thought the idea was to label packets based on source and destination
(including ports) not application. Applications would get access to the
packets based on their context and the context (labels) of the packets.
I may have misunderstood though.

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
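
The two designs contrasted in this message, as a toy model added here for illustration (not code from the thread, FireKit, or SELinux). The packet type names, the rule table and the allow set are constructed assumptions; only `cups_t` and the ports come from the messages above.

```python
from dataclasses import dataclass

# Constructed labelling rules: first match wins. Packets are labelled by
# protocol and destination port, never by the application that receives them.
LABEL_RULES = [
    ("tcp", 631, "cups_packet_t"),   # hypothetical type name
    ("tcp", 80, "http_packet_t"),    # hypothetical type name
]
DEFAULT_LABEL = "unlabeled_t"

# Constructed policy: (process domain, packet label) pairs allowed to receive.
ALLOW_RECV = {
    ("cups_t", "cups_packet_t"),
    ("httpd_t", "http_packet_t"),
}


@dataclass(frozen=True)
class Packet:
    proto: str
    dport: int


def label_packet(pkt):
    """Return the label the packet gets from the port-based rule table."""
    for proto, dport, label in LABEL_RULES:
        if pkt.proto == proto and pkt.dport == dport:
            return label
    return DEFAULT_LABEL


def labelled_model_allows(domain, pkt):
    """Packet-labelling design: domain must be allowed to recv this label."""
    return (domain, label_packet(pkt)) in ALLOW_RECV


def per_application_rule_allows(domain, pkt, accepted=frozenset({"cups_t"})):
    """Model of the quoted '-Z cups_t -j ACCEPT' rule: the port is ignored."""
    return domain in accepted


def compare(domain, pkt):
    """Evaluate one delivery under both designs."""
    return {
        "per_application": per_application_rule_allows(domain, pkt),
        "labelled": labelled_model_allows(domain, pkt),
    }
```

In this model a process in `cups_t` that starts listening on port 80 is accepted by the per-application rule but denied under packet labelling, because port 80 traffic carries a label that `cups_t` has no permission to receive.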
