Trent Jaeger wrote:
...
However it sounded like you could just use setsockcreatecon(3) to
achieve your goal, which would be cleaner than relabeling an existing
socket.
Yes, that works for what we are doing now. I'd be curious if someone
has a need beyond setting a label on creation.
Sure, any service that wants to serve clients with a variety of labels.
The X server is an obvious candidate. A multi-label message bus. Label
aware sendmail. xinetd. Name services (the YP/NIS of the day). Anywhere
you want the label of the response to depend on the label of the request.
Yes, we're talking about Trusted Applications here, and specially coded
ones at that. Sometimes that's the best way.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
