> And what if another instance of the same app may use lo_netif_t and not > tun0_netif_t. How are you going to define which domain the app should > run in? > The application should utilise both domains as it needs access to both interfaces. Is that not possible to define more than one domain for a particular application? Just a guess on my part, but is it not possible to create two init_daemon_domain statements at the start of the policy file and associate them both with the executable file? That is provided there isn't any other elegant solution in which to utilise both interfaces with separate set of permissions - I am still looking to see if that is not the case. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
