My understanding of the inner workings of SELinux is fairly limited, so please speak slowly to me. I'm getting the hang of basic file and device access, but I'm not so good with the other resources SELinux controls.

I need to lock down the local interprocess communications (sockets, pipes, shared memory...) for a few untrusted applications under the targeted policy. For example, I want to write policies for Mozilla and Eclipse such that Eclipse may connect to Mozilla's tcp socket 80 via loopback, but Eclipse may not connect to any other process's tcp socket 80 via loopback. Same thing goes for other methods of IPC.

I suspect this means I have to figure out how to label sockets and the like with special contexts as they are created. Am I on the right track here? If so, how would I adjust my policies to label these IPC resources on a per-process basis? Or is this not doable with SELinux?

What I'm proposing here is a little more involved than most of the SELinux documentation I've found online, so any good resources would be appreciated. Of course, the more that is spelled out for me in a direct reply the bigger my head start will be. At this point I don't even know where to begin.

By the way, is the Fedora list or the NSA list more appropriate for this sort of question? I hate to double-post, but I want good exposure.

Thanks,
Stephen Brueckner, ATC-NY

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
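As an added illustration of the per-process IPC labelling the question asks about (not part of the original thread or of any Fedora policy): a shell script that emits and builds a small raw SELinux policy module. It assumes the confined domains `eclipse_t` and `mozilla_t` and the socket-file type `mozilla_var_run_t` already exist in the loaded targeted policy, and that peer-level control of loopback TCP additionally requires NetLabel to be configured on `lo`, which is not shown.

```shell
# Added example; assumes eclipse_t, mozilla_t and mozilla_var_run_t exist in the loaded policy.
set -e

# Emit a raw (non-refpolicy) module granting Eclipse IPC access to Mozilla's objects only.
# Local IPC objects carry their creating domain's label, so naming mozilla_t makes the rules per-process.
write_ipc_module() {
    cat <<'EOF'
module eclipse_mozilla_ipc 1.0;

require {
    type eclipse_t, mozilla_t, mozilla_var_run_t, http_port_t;
    class unix_stream_socket connectto;
    class sock_file write;
    class fifo_file { getattr read write };
    class shm { associate read write };
    class tcp_socket name_connect;
    class peer recv;
}

# Unix-domain sockets: the listening socket is labelled with its creator's domain.
allow eclipse_t mozilla_t:unix_stream_socket connectto;
allow eclipse_t mozilla_var_run_t:sock_file write;
# Unnamed pipes and SysV shared memory created by mozilla_t are labelled mozilla_t.
allow eclipse_t mozilla_t:fifo_file { getattr read write };
allow eclipse_t mozilla_t:shm { associate read write };
# Loopback TCP is checked against the port label (any listener on port 80)...
allow eclipse_t http_port_t:tcp_socket name_connect;
# ...so restricting the peer needs labelled networking on lo (NetLabel) plus
# peer rules; with no peer rule for other domains, their packets are denied.
allow eclipse_t mozilla_t:peer recv;
allow mozilla_t eclipse_t:peer recv;
EOF
}

# has_rule SOURCE TARGET CLASS PERM: does the generated module grant that permission?
has_rule() {
    write_ipc_module | grep -Eq "^allow $1 $2:$3 .*$4"
}

# Compile and load the module (needs checkmodule/semodule and root).
build_ipc_module() {
    write_ipc_module > eclipse_mozilla_ipc.te
    checkmodule -M -m -o eclipse_mozilla_ipc.mod eclipse_mozilla_ipc.te
    semodule_package -o eclipse_mozilla_ipc.pp -m eclipse_mozilla_ipc.mod
    semodule -i eclipse_mozilla_ipc.pp
}
```

After loading, denials for other domains' sockets show up in the audit log as AVC messages with the offending target type, which is the quickest way to confirm the restriction is taking effect.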