On Fri, Jul 24, 2009 at 18:08:55 -0400, Simo Sorce <ssorce@xxxxxxxxxx> wrote: > On Fri, 2009-07-24 at 17:44 -0400, Simo Sorce wrote: > > > > now if you allow to apply application labels to packets then you could > > say that packets directed to 8080 are labeled squid_t and not apache_t > > and that would make quite a difference. > > > > It would prevent a rogue apache that gets to listen to 8080 to get any > > packet as they would be labeled squid_t which is not apache_t. > > Sorry Bruno, > after re-readying what you said I think we meant basically the same > thing. The above is how I think the feature is supposed to work. I haven't actually tried it though. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
