On Wed, 2008-02-20 at 09:18 -0500, Paul Moore wrote:
> On Wednesday 20 February 2008 12:11:56 am Kohei KaiGai wrote:
> > Paul Moore wrote:
> > > On Tuesday 19 February 2008 7:59:22 pm Kohei KaiGai wrote:
[...]
> > >> For example:
> > >> -- at postgresql.if
> > >> interface(`postgresql_labeled_connect',`
> > >>     gen_require(`
> > >>         type postgresql_t;
> > >>     ')
> > >>     corenet_tcp_recvfrom_labeled($1,postgresql_t)
> > >> ')
> > >>
> > >> and
> > >> -- at apache.te
> > >> postgresql_labeled_connect(httpd_t)
> > >>
[...]
> > This patch adds the following interfaces:
> > - postgresql_labeled_communicate(domain)
> > - mysql_labeled_communicate(domain)
> > - ssh_labeled_communicate(domain)
>
> If this approach is approved by everyone else, I think we would want to add
> similar interfaces to all of the network facing daemons in the policy. I
> know it's a lot of work but it's the right thing to do.

I agree.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150