Mr Dash Four wrote:
> I am trying to restrict an application I have installed to have access
> to a specific network interface only (tun0).
>
> Are all network interfaces labelled 'automatically' by SELinux with
> 'netif_xx_t' or do I have to label them manually from the policy file?
> If I have to do that manually is it done with the network_interface(...)
> macro?
>
> Also, if I relabel the interface would I have to amend all other
> policies for applications which need access to that interface
> (applications which use the 'generic' naming - netif_t) or is this not
> necessary?
>
> I've seen there is a macro in corenetwork.if.in called
> 'corenet_all_recvfrom_labelled' - is that macro allowing me to receive
> packets from labelled interface?
>
> Thanks in advance!
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>

I just wanted to note that I have had much more difficulty knowing if I
have control over my network devices since the 2.6.30 kernel. Network
control (Internet) is the only reason I use SELinux. If there is new and
improved documentation for the usage of the network controls, I would
greatly appreciate knowing about it.

-Ken-