On 08/25/2014 07:11 AM, Stepan G. Fedorov wrote:
> Hello!
>
> The goal of this experiment is to see whether allow rules for netif class objects are working.
>
> I use Debian wheezy with the MLS SELinux policy, in enforcing mode.
>
> eth0 is the only network interface, except lo.
>
> sesearch --allow -cnetif shows lots of allow rules for netif_t target type / netif target class.
>
> I do:
> 1) I add a new type nginx_http_if_t with my own policy module;
> 2) semanage interface -a -t nginx_http_if_t -r s1:c0.c1023 eth0.
>
> I expect: to see all the processes in the system unable to read/write packets from the eth0 interface.
>
> I actually got: nothing changes - all networking is working as it was before changing the interface context.
>
> What am I doing/understanding wrong?

Legacy network checks are gone; use peer labeling or secmark instead, http://paulmoore.livejournal.com/tag/documentation
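As an added illustration of the SECMARK approach the reply points to (this is not code from either poster), the script below generates the two pieces that replace the old netif check: a small refpolicy module that defines a packet type only the web server domain may send/receive, and the iptables mangle rules that stamp every packet crossing eth0 with that type. It assumes nginx runs in httpd_t, that the type name nginx_http_packet_t and the module name are hypothetical, and that corenet_packet() is the refpolicy interface available on the system; nothing is applied unless the script is invoked with `apply` as root.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Assumptions: nginx runs as
# httpd_t, eth0 is the interface to restrict, and the names below are invented.
PKT_TYPE="nginx_http_packet_t"
MODULE="nginx_secmark"
IFACE="eth0"

# Policy module: a packet type that only httpd_t may send on or receive from.
# Any other domain touching a packet of this type gets an AVC denial
# (tclass=packet), which is where the old netif-based expectation now lives.
secmark_policy() {
    cat <<EOF
policy_module(${MODULE}, 1.0)
require { type httpd_t; }
type ${PKT_TYPE};
corenet_packet(${PKT_TYPE})
allow httpd_t ${PKT_TYPE}:packet { send recv };
EOF
}

# Netfilter side: label everything entering or leaving the interface. The
# context uses the low MLS level s0; adjust the range for an MLS-ranged domain.
# Note: this also labels the administrator's own ssh traffic, so exempt that
# port first (or label it with a second type) or the session will be cut off.
secmark_rules() {
    ctx="system_u:object_r:${PKT_TYPE}:s0"
    cat <<EOF
iptables -t mangle -A INPUT  -i ${IFACE} -j SECMARK --selctx ${ctx}
iptables -t mangle -A OUTPUT -o ${IFACE} -j SECMARK --selctx ${ctx}
EOF
}

# Build and load the module, then install the rules. Requires root and the
# refpolicy development Makefile (selinux-policy-dev on Debian).
apply() {
    tmp=$(mktemp -d)
    secmark_policy > "${tmp}/${MODULE}.te"
    make -C "${tmp}" -f /usr/share/selinux/devel/Makefile "${MODULE}.pp"
    semodule -i "${tmp}/${MODULE}.pp"
    secmark_rules | sh -e
}

case "${1:-}" in
    apply) apply ;;
esac
```

After loading, `sesearch --allow -s httpd_t -t nginx_http_packet_t -c packet` should show the single rule, and a non-httpd_t process using eth0 will log `avc: denied { send }` or `{ recv }` with `tclass=packet` in the audit log.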