On Wednesday 09 January 2008 8:39:41 am Stephen Smalley wrote: > On Wed, 2008-01-09 at 08:30 -0500, Paul Moore wrote: > > Fair enough. I'll try to think of something catchy to replace the > > send permission in the forwarding outbound case ... if anybody has > > any great ideas I'd love to hear them. > > Well, you could just go with the obvious: > # inbound traffic to be forwarded > allow peer_t secmark_t:packet forward_in; > # outbound forwarded traffic > allow peer_t secmark_t:packet forward_out; 'forward_in' and 'forward_out'? I thought I said "something catchy"? :) Seriously though, I can't think of anything better so { forward_in forward_out } it is. -- paul moore linux security @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.