Hi List,
I'm trying to use network interface labeling with Fedora 8. But it
doesn't behave like I would assume, so it seems that I'm doing something
wrong. Here's the way I did it:
I added a type blacknic_netifcon_t in a local module by
type blacknic_netifcon_t;
and
# semanage interface -a -t blacknic_netifcon_t eth1
results of this command seem correct since:
# seinfo --netif
Netifcon: 2
netifcon eth1 system_u:object_r:blacknic_netifcon_t:s0
system_u:object_r:blacknic_netifcon_t:s0
netifcon lo system_u:object_r:lo_netif_t:s0 - s15:c0.c1023
system_u:object_r:unlabeled_t:s0 - s15:c0.c1023
But packets over this interface are still unlabeled:
type=AVC msg=audit(1215170990.011:689777822): avc: denied { send } for
pid=30988 comm="socat" saddr=192.168.100.54 src=3 daddr=78.xx.xx.xx
dest=1024 netif=eth1 scontext=user_u:user_r:exe_t:s0
tcontext=system_u:object_r:unlabeled_t:s15:c0.c1023 tclass=packet
Christian
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
