Chris PeBenito <[EMAIL PROTECTED]> wrote:

On Tue, 2007-08-28 at 16:50 +0200, [EMAIL PROTECTED] wrote:
Chris PeBenito <[EMAIL PROTECTED]> wrote:

> On Mon, 2007-08-27 at 15:25 +0200, [EMAIL PROTECTED] wrote:
>> I have noticed that by default the saslauthd daemon is allowed to
>> answer every node in the world, as the network rules are
>>       corenet_tcp_sendrecv_all_if(saslauthd_t)
>>       corenet_tcp_sendrecv_all_nodes(saslauthd_t).
>>
>> However, I want to optimize this in order to provide a deeper control with
> [...]
>>          corenet_tcp_sendrecv_lo_if(saslauthd_t)
>>          corenet_tcp_sendrecv_all_nodes(saslauthd_t)
>
>
>> The compilation works well but I have a problem at the qmerge step:
>> the lo_netif_t dependency cannot be solved. Why is this, though
>> internal modules (namely kernel/corenetwork.if) use these macros?
>
> lo_netif_t is not defined in the policy.  You would have to declare it
> in your local policy and then semanage to label the interface.

In fact, that's what I tried but I am missing a point: what do you mean by
'label the interface'?  I tried to find any lo interface but found nothing.
The same for other interfaces (ethX). I cannot find any netif_type
labelled device on my system so I think that I do not really
understand this point.

Label the interface means you're giving the device lo the type
lo_netif_t.  By default all network interfaces are netif_t, so if you
don't explicitly label it, lo will also be netif_t.

Yes, but the problem was how to label the lo interface (sorry, my previous post was not really clear about that...)

I do not have any /dev/lo device so I may have to use a netifcon statement.
But when I try to compile the module (either with checkmodule or make), with for instance
netifcon lo system_u:object_r:netif_lo_t system_u:object_r:unlabeled_t
I get
"netifcon lo system_u:object_r:netif_lo_t system_u:object_r:unlabeled_t
checkmodule:  error(s) encountered while parsing configuration"

Is it related to the fact that I don't have a net_contexts file (though all kernel options for SELinux have been used)?

-- Julien Thomas
--
Chris PeBenito
<[EMAIL PROTECTED]>
Developer,
Hardened Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A  CB00 BC8E E42D E6AF 9243
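
Added example (not part of the thread, and not taken from the Hardened Gentoo policy): one way to follow the advice above, declaring lo_netif_t in a local module and labeling lo with semanage instead of a netifcon statement, which checkmodule does not accept inside a loadable module. The module name local_netif is hypothetical, and a non-MLS modular policy whose base already provides the netif_type attribute is assumed.

```selinux
# local_netif.te -- hypothetical local module, not from the thread
module local_netif 1.0;

require {
	# Attribute for network interface types; assumed to be
	# declared by the base policy.
	attribute netif_type;
}

# The type that corenet_tcp_sendrecv_lo_if(saslauthd_t) requires.
# Declaring it here lets that requirement resolve at link time.
type lo_netif_t, netif_type;

# No netifcon statement here: interface contexts live in the base
# policy or in the semanage store, not in a loadable module.
#
# Build, load, then label the interface (run as root):
#
#   checkmodule -m -o local_netif.mod local_netif.te
#   semodule_package -o local_netif.pp -m local_netif.mod
#   semodule -i local_netif.pp
#   semanage interface -a -t lo_netif_t lo
#
# Check the result; lo should be listed with lo_netif_t, while
# unlisted interfaces keep the default netif_t:
#
#   semanage interface -l
```

On an MLS or MCS policy the semanage call also needs a range, passed with -r.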



