On Mon, May 17, 2010 at 5:15 PM, Christopher J. PeBenito <cpebenito@xxxxxxxxxx> wrote: > On Mon, 2010-05-17 at 16:42 +0500, Shaz wrote: >> How can we "make sure a guest user can only see traffic counters of >> eth0 but not eth1" > > It is not possible. That info comes out of the /proc/net/dev proc file. > All interfaces are in the same file, so you can either see all of the > interfaces or none of the interfaces. This can be controlled by > allowing or denying access to proc_net_t files. Not even with iptables-selinux? -- Shaz -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
