On 10/10/2018 07:57 AM, Ville Baillie wrote:
Hi, Does SELinux provide any sort of mechanism for blocking exec on commands based on their command line arguments? The proposed use case goes a little like this, allow 'wget' to access 'http://good-server-1/*' and 'http://good-server-2/*' but block access to other hostnames and log the access type. I understand there are probably other ways to achieve this but am wondering if it is possible just using SELinux?
Not based on command line arguments, no. If you wanted to provide SELinux-based control over the network traffic, you could configure iptables SECMARK rules.
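The SECMARK approach suggested in the reply, as an added example that is not part of the original thread: a shell function that emits `iptables-restore` input labelling new outbound HTTP connections, one packet type for allow-listed servers and another for everything else. Assumptions: the addresses are constructed stand-ins for good-server-1 and good-server-2 (SECMARK rules match addresses, not hostnames), and the `wget_t` domain and both packet types are hypothetical names that would have to be defined in local policy.

```shell
#!/bin/sh
# Added example: generate SECMARK rules for an allow-list of HTTP servers.
# Type names and addresses below are constructed for illustration.

# Hypothetical packet types, to be declared in a local policy module, e.g.:
#   type good_server_packet_t;
#   type other_http_packet_t;
#   allow wget_t good_server_packet_t:packet { send recv };
# With no allow rule for other_http_packet_t, sends carrying that label are
# denied by SELinux and show up as AVC denials in the audit log.
GOOD_CTX="system_u:object_r:good_server_packet_t:s0"
OTHER_CTX="system_u:object_r:other_http_packet_t:s0"

# secmark_rules ADDR... : print a mangle-table ruleset on stdout.
secmark_rules() {
    echo "*mangle"
    echo ":INPUT ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Packets on known connections inherit the label saved on the connection.
    for chain in INPUT OUTPUT; do
        echo "-A $chain -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -j CONNSECMARK --restore"
    done
    # Default label for any new outbound HTTP connection.
    echo "-A OUTPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j SECMARK --selctx $OTHER_CTX"
    # SECMARK is non-terminating, so later rules override the default label.
    for addr in "$@"; do
        echo "-A OUTPUT -p tcp -d $addr --dport 80 -m conntrack --ctstate NEW -j SECMARK --selctx $GOOD_CTX"
    done
    # Store the final label on the connection for the restore rules above.
    echo "-A OUTPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j CONNSECMARK --save"
    echo "COMMIT"
}

# Constructed documentation-range addresses standing in for the two servers.
secmark_rules 192.0.2.10 198.51.100.20
```

The output is meant to be reviewed and then loaded as root with `iptables-restore`. The control only bites if the domain running wget is not also allowed to send packets of other types, unlabeled ones included.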