On Fri, Apr 27, 2018 at 04:42:56PM +0200, Troels Arvin wrote: > Hello, > > On Fri, Apr 27, 2018 at 4:31 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > > See: > > https://github.com/SELinuxProject/selinux-kernel/issues/21 > > https://bugzilla.redhat.com/show_bug.cgi?id=1168044 > > > > OK. So currently, it's not possible to write a policy item which allows > connections to sockets on the loopback interface only. > > In that case, I'll work on a patch proposal for a boolean to activate this: > allow tomcat_t smtp_port_t:tcp_socket name_connect; I think it should be possible to control egress/ingress on labeled interfaces > > -- > Regards, > Troels Arvin -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift
Attachment:
signature.asc
Description: PGP signature
