Hello!
The goal of this experiment is to see whether allow rules for netif class objects
are working.
I use Debian wheezy with the MLS SELinux policy, in enforcing mode.
eth0 is the only network interface, apart from lo.
sesearch --allow -c netif shows lots of allow rules for the netif_t target
type / netif target class.
I do:
1) I add a new type nginx_http_if_t with my own policy module;
2) semanage interface -a -t nginx_http_if_t -r s1:c0.c1023 eth0.
I expect: to see all the processes in the system unable to read/write
packets from the eth0 interface.
I actually got: nothing changes - all networking is working as it was
before the change of the interface context.
What am I doing/understanding wrong?
Thank you!
--
Stepan G. Fedorov <StFedorov@xxxxxxxxx>
Tel: +7-965-750-91-91
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
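An added example (not code from the poster or from the policy he describes) of the two steps above written out as a script, together with the checks a practitioner wants to run before concluding anything from the result. It assumes a Debian system with selinux-policy-dev (the refpolicy devel Makefile at /usr/share/selinux/devel/Makefile), policycoreutils and setools installed; the type name, interface and MLS range are the ones from the post, and the domain checked at the end (httpd_t) is an assumption. Two things decide what a netif type actually gates: whether the new type carries the netif_type attribute, since refpolicy grants netif access almost entirely through rules on that attribute, and the network_peer_controls policy capability, which selects whether the kernel checks the legacy per-protocol netif permissions against the receiving process or ingress/egress against the packet's peer label.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes Debian with
# selinux-policy-dev (refpolicy devel Makefile), policycoreutils and setools.
# Type name, interface and MLS range come from the post; httpd_t is an
# assumed domain to inspect.
set -eu

IF_TYPE="nginx_http_if_t"
IF_NAME="eth0"
IF_RANGE="s1:c0.c1023"
MODULE="nginx_http_if"
SELINUXFS="/sys/fs/selinux"            # older installs mount it at /selinux
[ -d "$SELINUXFS" ] || SELINUXFS="/selinux"

# Policy module source. In refpolicy the netif permissions are granted
# almost entirely through the netif_type attribute (corenet_all_recvfrom_unlabeled()
# expands to: allow <domain> netif_type:netif { ingress egress };), so whether
# the new type carries netif_type decides which existing rules it inherits.
netif_module_te() {
    cat <<EOF
policy_module(${MODULE}, 1.0)

gen_require(\`
	attribute netif_type;
')

type ${IF_TYPE};
# Drop this line to get a type that no attribute-based rule covers.
typeattribute ${IF_TYPE} netif_type;
EOF
}

# Which netif permissions the kernel checks depends on the network_peer_controls
# policy capability: 0 means the legacy per-protocol checks, subject = the
# receiving process; 1 means ingress/egress, subject = the packet's peer label,
# which only exists for labeled traffic (NetLabel or labeled IPsec).
netif_perms_for_cap() {
    case "$1" in
        1) echo "ingress egress" ;;
        *) echo "tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send" ;;
    esac
}

# Steps 1) and 2) of the post: build and load the module, then relabel eth0.
build_and_load() {
    tmp=$(mktemp -d)
    netif_module_te > "$tmp/${MODULE}.te"
    make -C "$tmp" -f /usr/share/selinux/devel/Makefile "${MODULE}.pp"
    semodule -i "$tmp/${MODULE}.pp"
    semanage interface -a -t "$IF_TYPE" -r "$IF_RANGE" "$IF_NAME"
}

# The checks to run after the relabel, before reading anything into the result.
audit_netif_rules() {
    domain="${1:-httpd_t}"
    echo "== netifcon entries in the loaded policy for $IF_NAME"
    semanage interface -l | grep -w "$IF_NAME" || echo "(none for $IF_NAME)"
    cap=$(cat "$SELINUXFS/policy_capabilities/network_peer_controls")
    perms=$(netif_perms_for_cap "$cap")
    echo "== network_peer_controls=$cap, so the kernel checks: $perms"
    for p in $perms; do
        # sesearch expands attributes, so rules written on netif_type show up
        # here when the new type carries that attribute.
        echo "== subjects allowed $p on $IF_TYPE"
        sesearch --allow -t "$IF_TYPE" -c netif -p "$p"
    done
    echo "== everything $domain may do with $IF_TYPE"
    sesearch --allow -s "$domain" -t "$IF_TYPE" -c netif
}

# Privileged steps run only when asked for explicitly: ./netif_check.sh apply [domain]
if [ "${1:-}" = "apply" ]; then
    build_and_load
    audit_netif_rules "${2:-httpd_t}"
fi
```

If the sesearch output lists the new type for the permissions the kernel actually checks, the relabel cannot change what those domains may do; if it lists nothing and traffic still flows, look at the capability line, since with network_peer_controls enabled the interface type is only consulted for packets that carry a peer label.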