Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Question on networking accesses
From: Paul Moore <paul.moore_at_hp.com>
Date: Mon, 21 May 2007 14:20:04 -0400
The example wasn't quite what I was hoping for as I'm still a little confused as to exactly what you are looking for. However, it's Monday and writing email is looking more attractive than real work so let me take a stab at explaining the network access controls from both a sender and receiver point of view. I'm certain I'll make a mistake or two, but hopefully somebody will point those out. A - sender without any form of labeled networking:
B - receiver without any form of labeled networking
C - sender with labeled networking using NetLabel (same as without any labeled networking, see "A") D - receiver with labeled networking using NetLabel
It is a bit more complicated with labeled IPsec as you have to deal with labeled matching of the socket and SPD/SA but I'll leave that as an exercise for the reader. -- paul moore linux security @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Mon 21 May 2007 - 14:20:29 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |