Hello,
I'm trying to see if the following scenario is something that can be dealt with by SELinux.
I have a daemon that starts multiple identical processes (let's call them "agents", and let's say we have 2 of them, but we could as well have 256). Those processes are there so remote clients can start other processes. I want those processes to be able to read from one location (the binaries of what they are running) but also to read/write in some specific directories. Of course, agent A and agent B should not be able to interact with each other directly (they could using some TCP/HTTP protocol) or read/write files that are not theirs.
I was thinking of transitioning from the agent domain to the client application domain using a transient domain that would be automatically generated and unique, but did not see anything like that.
If you have other ideas to do that, w/o SELinux, I'm open to anything :)
thank you,
Franck
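One way to get the per-agent separation described above without generating a new domain per agent is SELinux MCS: every agent runs in the same type but with its own category (s0:c1, s0:c2, ...), its private directory is labelled with that category, and the shared binaries keep the plain s0 level that every category set dominates. The following Python is an added example, not code from the thread; it models the MCS dominance check and emits the chcon/runcon commands, and assumes a targeted policy in which the agent domain (the hypothetical agent_t) is MCS-constrained, with placeholder paths.

```python
"""Per-agent isolation with SELinux MCS categories (added example).

Assumption: the agent domain `agent_t` (hypothetical) is MCS-constrained,
so a process may read/write a file only if the process's category set is
a superset of the file's category set. Paths below are placeholders.
"""
import re
import subprocess


def parse_categories(level):
    """Expand an MCS level such as 's0:c3,c10.c12' into {3, 10, 11, 12}."""
    _, _, cats = level.partition(":")
    out = set()
    for part in filter(None, cats.split(",")):
        m = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", part)
        if not m:
            raise ValueError("bad MCS category spec: %r" % part)
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        out.update(range(lo, hi + 1))
    return frozenset(out)


def dominates(proc_level, file_level):
    """MCS rule: the process level must dominate (contain) the file level."""
    return parse_categories(proc_level) >= parse_categories(file_level)


def agent_level(agent_id):
    """One category per agent; MCS provides c0..c1023, so up to 1024 agents."""
    if not 0 <= agent_id <= 1023:
        raise ValueError("agent id outside the MCS category range")
    return "s0:c%d" % agent_id


def setup_commands(agent_id, agent_bin="/opt/agent/bin/agent",
                   data_root="/var/lib/agent"):
    """Commands to label the agent's private dir and start it confined.

    The shared binary directory is left at s0 (no categories), which every
    agent level dominates, so all agents can still read/execute it."""
    level = agent_level(agent_id)
    data_dir = "%s/%d" % (data_root, agent_id)
    return [
        ["chcon", "-l", level, data_dir],                  # private directory
        ["runcon", "-t", "agent_t", "-l", level, agent_bin],  # confined start
    ]


def launch_agent(agent_id):
    """Run the setup on an SELinux-enabled host (not executed by the tests)."""
    for cmd in setup_commands(agent_id):
        subprocess.run(cmd, check=True)
```

With this labelling, agent 1 (s0:c1) dominates the shared s0 binaries but not agent 2's s0:c2 directory, while the daemon, if it runs at s0:c0.c1023, dominates every agent's files; TCP/HTTP between agents is untouched by MCS, matching the poster's intent.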