On 11/15/2016 10:14 AM, Stephen Smalley wrote: > On 11/15/2016 12:28 PM, Casey Schaufler wrote: >> I am looking for an SELinux configuration that uses CIPSO. >> Ideally, it would be based on a readily available distro, >> but I'm willing to perform semi-heroic acts if I have too. >> I'm not in a position to develop it myself, nor would that >> really suit my nefarious purposes. Thank you. > Can you clarify what you mean? There is a sample NetLabel configuration > in the selinux-testsuite (in tests/inet_socket/netlabel-load) that > configures full SELinux labeling over loopback connections, used by the > inet_socket tests. And the corresponding SELinux policy rules for those > tests can be found in policy/test_inet_socket.te within the testsuite. That will probably get me started. I'll have a look at the test documentation. I am also looking for a configuration that I can use for exploring a "real" CIPSO environment, where two or more machines are talking to each other using CIPSO. I think that I understand how that is supposed to work, but there's nothing like seeing the packets fly. Is there a case for that in the test suite? Thank you. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
