On Wed, 2008-07-02 at 16:32 +0200, Christian Kuester wrote:
> Stephen Smalley wrote:
> >> I'm using Fedora 8 and would like to put types on various nodes.
> >> What would be the best way to do it since semanage seems to support
> >> doing nodecons on specific nodes.
> >>
> > I don't believe this is presently supported by semanage, although the
> > libsemanage infrastructure exists.
> >
> I've seen an older discussion on the NSA-SELinux mailing list about that.
> The patch for semanage wasn't committed though.
>
> > However, I think what you likely want is to use secmark instead.
> > http://james-morris.livejournal.com/11010.htm
>
> Interesting article. Perhaps I could use this instead of nodecon but it
> seems much more complex than that. The only thing I want to accomplish
> is to have a way to restrict node_binds, so that specific programs can
> only open sockets on 127.0.0.1 (f.i.).

Ok - then you do want node contexts. As I recall, the patch posted to
selinux list circa 2006 for adding semanage node context support didn't
actually work correctly and no one chased it down. So if you want to
revive it on selinux list and see if we can hunt down the underlying
issue, that might be worthwhile.

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list