On Tue, Jun 4, 2013 at 11:04 AM, Kevin Wilson <wkevils@xxxxxxxxx> wrote:
> Hi,
> I tried this:
>
> modprobe xt_SECMARK
> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j SECMARK --selctx httpcontext

You would need a full SELinux context here, such as
system_u:object_r:http_packet_t:s0, and you'd need to ensure that the
label actually exists in your policy.

> and got:
> iptables: No chain/target/match by that name.
>
>
> Kernel log says:
> localhost kernel: [ 491.321048] xt_SECMARK: unable to map security context 'httpcontext'
>
> Any ideas what should I do to enable this rule?
>
> regards,
> Kevin
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> the words "unsubscribe selinux" without quotes as the message.
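
Added example, not part of the original thread: a shell check that a string is a full user:role:type:level context (and, optionally, that its type exists in the loaded policy) before it is used with `--selctx`. The function names and the `CHECK_POLICY` variable are hypothetical, and the policy lookup assumes `seinfo` from setools is installed.

```shell
#!/bin/sh
# Added example: check a context string before handing it to SECMARK --selctx.
# All function names and CHECK_POLICY are hypothetical, chosen for this example.

# Succeeds only for a full context: user:role:type:level (level may hold MLS/MCS ranges).
is_full_context() {
    case "$1" in
        ''|*[!A-Za-z0-9_:,.-]*) return 1 ;;   # empty, or characters outside the accepted set
    esac
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z0-9_]+:[A-Za-z0-9_]+:[A-Za-z0-9_]+:[A-Za-z0-9_:,.-]+$'
}

# Prints the type field (third colon-separated field) of a full context.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeeds if the loaded policy defines the type. Assumes seinfo (setools) is installed.
type_in_policy() {
    seinfo -t "$1" 2>/dev/null | grep -qw -- "$1"
}

# Prints the rule from the thread with the given context; it does not run iptables.
# Set CHECK_POLICY=1 on an SELinux host to also require the type to exist in policy.
secmark_rule() {
    if ! is_full_context "$1"; then
        echo "not a full SELinux context: $1" >&2
        return 1
    fi
    if [ "${CHECK_POLICY:-0}" = 1 ] && ! type_in_policy "$(context_type "$1")"; then
        echo "type not defined in loaded policy: $(context_type "$1")" >&2
        return 1
    fi
    printf 'iptables -t mangle -A PREROUTING -p tcp --dport 80 -j SECMARK --selctx %s\n' "$1"
}

# Dry run with the context suggested in the reply.
secmark_rule 'system_u:object_r:http_packet_t:s0'
```

The bare string `httpcontext` from the original command fails the first check, which matches the kernel's "unable to map security context" message.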