Chris PeBenito <[EMAIL PROTECTED]> wrote:
On Tue, 2007-08-28 at 16:50 +0200, [EMAIL PROTECTED] wrote:
Chris PeBenito <[EMAIL PROTECTED]> wrote:
> On Mon, 2007-08-27 at 15:25 +0200, [EMAIL PROTECTED] wrote:
>> I have noticed that by default the saslauthd daemon is allowed to
>> answer to every node in the world, as the network rules are
>> corenet_tcp_sendrecv_all_if(saslauthd_t)
>> corenet_tcp_sendrecv_all_nodes(saslauthd_t).
>>
>> However, I want to optimize this in order to provide a deeper control with
> [...]
>> corenet_tcp_sendrecv_lo_if(saslauthd_t)
>> corenet_tcp_sendrecv_all_nodes(saslauthd_t)
>
>
>> The compilation works well but I have a problem at the qmerge step:
>> the lo_netif_t dependency cannot be solved. Why is this, though
>> internal modules (namely kernel/corenetwork.if) used these macros?
>
> lo_netif_t is not defined in the policy. You would have to declare it
> in your local policy and then semanage to label the interface.

In fact, that's what I tried but I am missing a point: what do you mean by
'label the interface'? I tried to find any lo interface but found nothing.
The same for other interfaces (ethX). I cannot find any netif_type
labelled device on my system so I think that I do not really
understand this point.

Label the interface means you're giving the device lo the type
lo_netif_t. By default all network interfaces are netif_t, so if you
don't explicitly label it, lo will also be netif_t.

Yes, but the problem was how to label the lo interface (sorry, my
previous post was not really clear about that ...)
I do not have any /dev/lo device so I may have to use a netifcon statement.
But when I try to compile the module (either with checkmodule or
make), with for instance
netifcon lo system_u:object_r:netif_lo_t system_u:object_r:unlabeled_t
I get
"netifcon lo system_u:object_r:netif_lo_t system_u:object_r:unlabeled_t
checkmodule: error(s) encountered while parsing configuration"
Is it related to the fact that I don't have a net_contexts file
(though all kernel options for SELinux have been used)?
-- Julien Thomas
--
Chris PeBenito
<[EMAIL PROTECTED]>
Developer,
Hardened Gentoo Linux
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243