Thanks, I will take another look at Netlabel's fallback/static labeling. So how can I verify if my kernel (the default RHEL 5.3 kernel 2.6.128) has Netlabel support? Also I currently have separate ssh daemons running at certain sensitivities (runcon) and bound to specific IP addresses (separate sshd_config files). Will fallback labeling impact my ssh setup? Thanks Mike -----Original Message----- From: Paul Moore [mailto:paul.moore@xxxxxx] Sent: Tuesday, April 13, 2010 5:55 PM To: Benedict, Phillip M Cc: Michal Svoboda; selinux@xxxxxxxxxxxxx Subject: Re: MLS telnet question On Tuesday 13 April 2010 12:42:36 pm Michal Svoboda wrote: > Benedict, Phillip M wrote: > > The network does not carry any cipso data for evaluation by my > > server, so I don’t think I can use netlabel. > > You can use the fallback label feature that can assign labels > statically per remote IP. NetLabel fallback/static label example configuration: * http://paulmoore.livejournal.com/1758.html -- paul moore linux @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
