Limiting IPC with SELinux?
James Morris
jmorris at redhat.com
Mon Apr 25 15:39:35 UTC 2005
On Mon, 25 Apr 2005, Stephen Smalley wrote:

> True, but I don't think this will help much in this particular case, as
> the original poster wants to control information flow via loopback and
> you aren't likely to be using IPSEC on such traffic.

You could use null encryption and null authentication.

Another possibility is to implement SO_PEERSEC for loopback TCP, although
I think it requires more LSM hooks.

> In the absence of a sk_buff security field and associated hooks for
> lifecycle management, I think that we'd have to go with something like
> the iptables MARK module, ala LIDS.

I think this is at the wrong layer; how would you query the socket for
peer security information?

- James
--
James Morris
<jmorris at redhat.com>