Hello,

Not sure if this is the best place for n00b questions but here we go:

How can I restrict a port to only a process? Let's say I have FOO process that wants to listen to port 2345 and no other process on the machine to listen to it. Is it possible? The way I see it is that unconfined processes would still have access to that port, right?

My actual problem is that I want to make a mutual TLS connection between 2 unsecured apps that I am not a developer of. The apps (client/server) use a TCP based protocol that is not text based or related to HTTP.

So I start a TLS tunnel with stunnel that listens to 2345 on localhost and forwards it to remote_machine port 2345. I want to be certain that other process can connect to localhost:2345 except my FOO process.

foo_process ---> localhost:2345 ===> remote_machine:2345

---> is insecure and I want to restrict
===> is mutual TLS over the network

Is this possible? Is this a good solution?

Thank you,
Andrei Petcu
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx