I am trying to restrict an application I have installed to have access to a specific network interface only (tun0).

Are all network interfaces labelled 'automatically' by SELinux with 'netif_xx_t', or do I have to label them manually from the policy file? If I have to do that manually, is it done with the network_interface(...) macro?

Also, if I relabel the interface, would I have to amend all other policies for applications which need access to that interface (applications which use the 'generic' naming - netif_t), or is this not necessary?

I've seen there is a macro in corenetwork.if.in called 'corenet_all_recvfrom_labelled' - is that macro allowing me to receive packets from a labelled interface?

Thanks in advance!