Adding local nodecons

Christian Kuester kuester at cs.uni-bonn.de
Wed Jul 2 14:32:44 UTC 2008


Stephen Smalley wrote:
>> I'm using Fedora 8 and would like to put types on various nodes.
>> What would be the best way to do it since semanage seems to support
>> doing nodecons on specific nodes.
>>     
> I don't believe this is presently supported by semanage, although the
> libsemanage infrastructure exists.
>   
I've seen an older discussion on the NSA-SELinux mailing list about that.
The patch for semanage wasn't committed though.
> However, I think what you likely want is to use secmark instead.
> http://james-morris.livejournal.com/11010.htm
Interesting article. Perhaps I could use this instead of nodecon but it
seems much more complex than that. The only thing I want to accomplish is
to have a way to restrict node_binds, so that specific programs can only
open sockets on 127.0.0.1 (f.i.).


Kind regards,
Chris