On Fri, Jul 24, 2009 at 14:49:08 -0700, Roland McGrath <roland@xxxxxxxxxx> wrote:
> SECMARK. I sure didn't. I think I might now, sort of. The SELinux policy
> just says contexts, and it doesn't say anything about the port numbers.

If you really just want to use local ports, that is available in SELinux policy. I don't know if it only applies to listen, but there are port restrictions for some apps.

The SECMARK stuff is supposed to allow you to have more complicated (maybe stateful) rules for labelling packets.

Besides that, there is also a way to have labels in the packets themselves so that you can use labelling across a network. I don't know if Fedora supports any of that, but at least some of the needed infrastructure is already in the upstream kernel.

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list