> I have a bit of a conundrum for the more knowledgeable on here: I
> would like to define a block in the policy file (.te) - via a
> tunable_policy statement perhaps - which is executed based on a
> particular value set from outside. For example:
>
> I would like to activate a block of the following statements:
>
> network_node(XXX, s0 - mls_systemhigh, YYY, ZZZ)
> corenet_tcp_sendrecv_XXX_if(my_t)
> corenet_udp_sendrecv_XXX_if(my_t)
> corenet_tcp_sendrecv_XXX_node(my_t)
> corenet_tcp_bind_XXX_node(my_t)
> corenet_udp_bind_XXX_node(my_t)
>
> depending on a particular value being set for XXX, YYY and ZZZ (being
> the actual interface name, its IP address and netmask) from the
> outside - possibly via the SELinux tools. Is that possible?
>
> The reason I am doing this is because I am writing a policy for a
> couple of domains/processes and want to restrict their access down to
> a particular node of a particular number of interfaces which will be
> defined (i.e. the interface name, IP address and netmask) AFTER the
> policy has been built, and once defined, the values may change. My
> SELinux knowledge is not complete enough to figure out how to deal with
> this. Any help is, as always, appreciated. Thanks.

I guess nobody knows or nobody's willing to help then.

-- 
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux