[redhat-lspp] Xinetd patches for selinux context configuration
James Antill
jantill at redhat.com
Wed Nov 29 23:30:22 UTC 2006
On Wed, 2006-11-29 at 17:13 -0500, Paul Moore wrote:
> James Antill wrote:
> > On Wed, 2006-11-29 at 16:32 -0500, Stephen Smalley wrote:
> >
> >>I'm not sure the approach is quite workable yet either - if you
> >>configure xinetd to use labeled networking but the incoming connection
> >>is coming from a host that doesn't support it, getpeercon() will fail
> >>and you need to gracefully deal with it (e.g. fall back to some default,
> >>possibly based on the client machine's address).
> >
> > Isn't this exactly what netlabel is for? Do we really want to duplicate
> > that for each daemon?
>
> NetLabel is a method of explicit labeled networking, i.e. it sends security
> attributes with each packet that both hosts must understand.
As I understand it, you can say label received packets from host X with
context Y. Is that not so?
--
James Antill <jantill at redhat.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20061129/96bbab7b/attachment.sig>
More information about the redhat-lspp
mailing list