On Wed, 2009-10-07 at 08:02 -0400, Stephen Smalley wrote:
> On Wed, 2009-10-07 at 15:09 +0330, michel m wrote:
> > Hi,
> >
> > Is there any way that I can get context for incoming http requests
> > from selinux API? That is, I want to classify requests based on some
> > criteria like origin's IP address or anything that can help me to
> > know what context the request is coming from.
> >
> > Is there such an API for this in libselinux? If not, how can I have
> > this knowledge by using existing API?
>
> If using labeled IPSEC to label the connections, you can use
> getpeercon(3) in libselinux.
>
> http://securityblog.org/brindle/2007/05/28/secure-networking-with-selinux/
>
> Likewise with NetLabel, although there you are limited to only passing
> the MLS label at present. You might be able to do something via the
> fallback labeling based on IP address.
>
> http://paulmoore.livejournal.com/

Also, if you want to deal with it in terms of http authenticated user
identity rather than connection, you might want to have a look at
mod_selinux.

http://code.google.com/p/sepgsql/wiki/Apache_SELinux_plus

--
Stephen Smalley
National Security Agency
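
The peer-label lookup discussed in this thread, as an added example that is not part of the original messages and is not libselinux code. It reads the Linux `SO_PEERSEC` socket option, which is what getpeercon(3) queries, so it builds without libselinux headers, then splits the context so a server can classify on type or MLS level. The names `peer_context` and `context_field` are hypothetical, and the socketpair in `main` stands in for a descriptor returned by accept().

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#ifndef SO_PEERSEC
#define SO_PEERSEC 31          /* Linux value of the option getpeercon(3) reads */
#endif

/* Copy the peer's security context of a connected socket into buf.
 * Returns 0, or -1 with errno set (typically ENOPROTOOPT: no label). */
int peer_context(int fd, char *buf, size_t len)
{
    socklen_t n;
    if (len < 2) { errno = ERANGE; return -1; }
    n = (socklen_t)(len - 1);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &n) < 0)
        return -1;
    buf[n] = '\0';             /* terminate whether or not the kernel did */
    return 0;
}

/* Extract field idx of "user:role:type[:level]" (0=user .. 3=level).
 * The level is everything after the third colon, because MLS/MCS
 * levels contain colons themselves. Returns 0, or -1 if absent. */
int context_field(const char *ctx, int idx, char *out, size_t outlen)
{
    const char *start = ctx, *end;
    size_t n;
    int i;
    if (idx < 0 || idx > 3) return -1;
    for (i = 0; i < idx; i++) {
        if (!(start = strchr(start, ':'))) return -1;
        start++;
    }
    end = (idx < 3) ? strchr(start, ':') : NULL;
    n = end ? (size_t)(end - start) : strlen(start);
    if (n == 0 || n >= outlen) return -1;
    memcpy(out, start, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    int sv[2];
    char ctx[256], type[64];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 1;
    if (peer_context(sv[0], ctx, sizeof ctx) < 0)   /* unlabeled: deny or fall back */
        printf("no peer label: %s\n", strerror(errno));
    else if (context_field(ctx, 2, type, sizeof type) == 0)
        printf("peer context %s, type %s\n", ctx, type);
    return 0;
}
```

With NetLabel carrying only the MLS label, field 3 (the level) is the part of the context a server can rely on for classification.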