RE: SECMARK unlabeled_t & application access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Petr,

Thanks for the info.


Jeroen

-----Original Message-----
You can list all rules where a target type is unlabeled_t, a class is packet and perms are recv,send using the following command:


# sesearch -A -t unlabeled_t -c packet -p recv,send Found 5 semantic av rules:
   allow kern_unconfined unlabeled_t : packet { send recv relabelto flow_in flow_out forward_in forward_out } ;
   allow kernel_t unlabeled_t : packet send ;
   allow domain unlabeled_t : packet { send recv } ;
   allow pki_apache_domain unlabeled_t : packet { send recv } ;
   allow haproxy_t unlabeled_t : packet { send recv } ;

There's a rule :

allow domain unlabeled_t : packet { send recv } ;

which allows it for all types assigned to attribute domain. The domain attribute identifies every type that can be assigned to a process and you can list all such types using:

# seinfo -adomain -x
   domain
      abrt_t
      abrt_dump_oops_t
...
      zoneminder_t
      zoneminder_script_t
      zos_remote_t



> Second short question, is there a search function for the mailing list archive or do I have to click a link for every month to find some information?
>

AFAIK there's no such option in mailman at fedorepoject.org. But the list could be mirrored elsewhere.


Petr

------------------------------------------------------------------------------------------------------------
Disclaimer:

If you are not the intended recipient of this email, please notify the sender and
delete it.
Any unauthorized copying, disclosure or distribution of this email or its
attachment(s) is forbidden.
Thales Nederland BV will not accept liability for any damage caused by this email or
its attachment(s).
Thales Nederland BV is seated in Hengelo and is registered at the Chamber of
Commerce under number 06061578.
------------------------------------------------------------------------------------------------------------

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux