Stephen Smalley schrieb: >> I'm using Fedora 8 and would like to put types on various nodes. >> What would be the best way to do it since semanage seems to support >> doing nodecons on specific nodes. >> > I don't believe this is presently supported by semanage, although the > libsemanage infrastructure exists. > I've seen a older discussion on the NSA-SELinux mailinglist about that. The patch for semanage wasn't commited though. > However, I think what you likely want is to use secmark instead. > http://james-morris.livejournal.com/11010.htm Interesting article. Perhaps I could use this instead of nodecon but it seems much more complex than that. The only thing I want to accomplish is to have a way to restrict node_binds, so that specific programs can only open sockets on 127.0.0.1 (f.i.). Kind regards, Chris -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
