Firewall rules using SELinux context (Was Re: RFE: FireKit)

[Glen Turner]

On 25/07/09 07:14, Simo Sorce wrote:

> What's the value of labeling packets based on source/destination ports ?
> Doesn't seem to add any new information.

Indeed.

Security marking can add an additional IP header, so that a multilevel
operating system on one machine can pass those multiple levels of data
across an intervening network.

-- 
  Glen Turner