On Thu, May 14, 2020 at 10:01 AM Paul Tagliamonte <paultag@xxxxxxxxxx> wrote:
>
> Hey there Mike,
>
> Incredible! This is very helpful, thank you very much! I think this is
> the missing building block I need.
>
> Have a great day, and thank you to Josh!

Was computing the MLS label the only part you needed? With respect to
having the daemon run in the same label as the peer (or the label
derived from the intersection of the peer and the daemon), you may
wish to have a look at mod_selinux for Apache and/or the old xinetd
LABELED option, although neither of those would have included the new
glblub support so you'll have to integrate that yourself. Or your
daemon can just use setcon(3) directly if allowed by policy.