On Mon, 25 Apr 2005, Stephen Smalley wrote:

> True, but I don't think this will help much in this particular case, as
> the original poster wants to control information flow via loopback and
> you aren't likely to be using IPSEC on such traffic.

You could use null encryption and null authentication.

Another possibility is to implement SO_PEERSEC for loopback TCP, although
I think it requires more LSM hooks.

> In the absence of a sk_buff security field and associated hooks for
> lifecycle management, I think that we'd have to go with something like
> the iptables MARK module, ala LIDS.

I think this is at the wrong layer; how would you query the socket for
peer security information?

- James
--
James Morris
<jmorris@xxxxxxxxxx>

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list