> > >> * during boot and shutdown you can guarantee no network access
> > >
> > > You can do this through a variety of other mechanisms that have
> > > nothing to do with secmark labels.
> >
> > No, you can't.
>
> Yes, you can. See "netif:{ ingress egress }".
>

This assumes you have netlabel rules enabled. I would like to see the configuration option noted as a possibility in netlbl_enabled() to be 1 without a kernel patch. This then would assure that netif checks are always active in the absence of secmark rules, if this is desired.