[redhat-lspp] secid reconciliation and localhost sockets
Joe Nall
joe at nall.com
Wed Oct 11 19:07:15 UTC 2006
On Oct 11, 2006, at 10:36 AM, Paul Moore wrote:
> Joe Nall wrote:
>> If the secid reconciliation patches don't make RH5, will localhost
>> IP connections have MLS policy applied?
>
> Just a second while I get my dead-horse-beating-mallets out of my desk drawer
> ... there we go.
>
> NetLabel, which *should* be present in RHEL5 with full support, works without
> problem over localhost. This means that, if NetLabel is configured for the
> sending domain, packets sent to/over/through the localhost interface will carry
> MLS attributes and will have MLS policy applied as one would expect.
For 240 of the 1024 categories in the current policy :)
NetLabel/CIPSO is great for talking to other operating systems, but
if it is the _only_ mechanism to label local IP sockets, we have a problem.
joe
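
Added example, not part of the original message: a sketch of where a 240-category ceiling comes from, assuming the figure refers to the CIPSO tag type 1 category bitmap carried in a 40-byte IPv4 options area. The function names and the DOI value are constructed for illustration and are not NetLabel's own code.

```python
import struct

CIPSO_OPT_TYPE = 134   # IPv4 option number assigned to CIPSO
IPV4_OPT_MAX = 40      # an IPv4 header has room for at most 40 option bytes
CIPSO_HDR_LEN = 6      # option type (1) + option length (1) + DOI (4)
TAG1_HDR_LEN = 4       # tag type (1) + tag length (1) + alignment (1) + level (1)

# Bytes left for the category bitmap, one bit per category: 30 * 8 = 240.
TAG1_MAX_CATS = (IPV4_OPT_MAX - CIPSO_HDR_LEN - TAG1_HDR_LEN) * 8


def cipso_tag1_option(doi, level, categories):
    """Build a CIPSO IPv4 option holding one tag type 1 (category bitmap)."""
    if not 0 <= level <= 255:
        raise ValueError("sensitivity level must fit in one byte")
    cats = sorted(set(categories))
    if cats and (cats[0] < 0 or cats[-1] >= TAG1_MAX_CATS):
        raise ValueError(
            "category c%d does not fit: tag type 1 carries c0..c%d only"
            % (cats[-1], TAG1_MAX_CATS - 1))
    # Bitmap is trimmed to the highest category set; bit 0 is the MSB of byte 0.
    bitmap = bytearray(cats[-1] // 8 + 1 if cats else 0)
    for c in cats:
        bitmap[c // 8] |= 0x80 >> (c % 8)
    tag = bytes([1, TAG1_HDR_LEN + len(bitmap), 0, level]) + bytes(bitmap)
    return struct.pack("!BBI", CIPSO_OPT_TYPE, CIPSO_HDR_LEN + len(tag), doi) + tag


def unrepresentable(policy_categories):
    """Categories from an MLS policy that tag type 1 cannot put on the wire."""
    return [c for c in policy_categories if c >= TAG1_MAX_CATS]


if __name__ == "__main__":
    DOI = 3  # constructed sample DOI
    opt = cipso_tag1_option(DOI, level=2, categories=[0, 5, 239])
    print("option length:", len(opt), "bytes:", opt.hex())
    print("policy categories with no wire encoding:",
          len(unrepresentable(range(1024))))
    try:
        cipso_tag1_option(DOI, level=2, categories=[240])
    except ValueError as exc:
        print("rejected:", exc)
```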