I notice that iodine (IP over DNS tunnel daemon) has sample SE Linux policy and a SE Linux patch to the source code. The way it works is that you give iodine a -z parameter with the context that you want and it then calls setcon() to get it.

What I am thinking of doing is writing policy for iodine, icmptx, and any other daemon that operates in a similar manner that has an automatic domain transition and no setcon(). I am thinking of making this tunnel_t.

What do you think?

--
russell@xxxxxxxxxxxx
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog