SELinux Mailing List
Re: Network flow controls and subj/obj ordering
From: Paul Moore <paul.moore_at_hp.com>
Date: Thu, 13 Dec 2007 10:45:57 -0500

It doesn't work with the SECMARK stuff, or rather it works in parallel with the SECMARK stuff. We've debated integrating the peer labeling protocols (labeled IPsec, NetLabel) with the SECMARK mechanism many times but in the end we always end up deciding it doesn't make sense.

The reason for the network interface, "netif_t", and node, "netnode_t", labels is that we want to be able to apply access controls to peer labeled network traffic based on the remote host and/or interface. Currently we have no way of doing this.

Hopefully this is starting to get a bit more clear now ...

--
paul moore
linux security @ hp

--
This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

Received on Thu 13 Dec 2007 - 10:56:23 EST

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009