Ken wrote:
What can be sent and received as rawip to and from kernel_t, and what
are the limitations of what can be done with the data? I am interested
in understanding the security implications of this (and other) SELinux
permissions. Is there anyone who can direct me to reference materials
that explain the security implications of allowing various SELinux
permissions?
Update:
It appears that allowing rawip did not fix the problem, but that it was
only a coincidence that the site worked for me after making the change;
so understanding this permission is now less important to me.
I am assuming that since no one answered any of my emails regarding
permission documentation that there is none. With this this in mind, I
have a suggestion for those who have a good understanding of SELinux:
Please create documentation that will allow an individual to research
and understand the security implications of various permissions without
the need for taking the time to gain an extensive knowledge of the LSM
and SELinux. This would be very helpful to me (and I am sure to many
other people as well) since I only want to learn what I need to in order
to secure my system, and having a source of information would eliminate
the need to know enough to extract the information myself.
- Ken -
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
