On Wednesday 09 January 2008 8:39:41 am Stephen Smalley wrote:
> On Wed, 2008-01-09 at 08:30 -0500, Paul Moore wrote:
> > Fair enough. I'll try to think of something catchy to replace the
> > send permission in the forwarding outbound case ... if anybody has
> > any great ideas I'd love to hear them.
>
> Well, you could just go with the obvious:
> # inbound traffic to be forwarded
> allow peer_t secmark_t:packet forward_in;
> # outbound forwarded traffic
> allow peer_t secmark_t:packet forward_out;
'forward_in' and 'forward_out'? I thought I said "something catchy"?
:)
Seriously though, I can't think of anything better so { forward_in
forward_out } it is.
--
paul moore
linux security @ hp
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
