On 1/9/2011 12:56 AM, Russell Coker wrote:
> I notice that iodine (IP over DNS tunnel daemon) has sample SE Linux policy and a SE Linux patch to the source code. The way it works is that you give iodine a -z parameter with the context that you want and it then calls setcon() to get it. What I am thinking of doing is writing policy for iodine, icmptx, and any other daemon that operates in a similar manner that has an automatic domain transition and no setcon(). I am thinking of making this tunnel_t. What do you think?
I'm not familiar with these tunnel services; does it make sense to adapt the existing stunnel policy? Or if we went to a tunnel_t generic service, would it be possible to get stunnel over to it?
-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com