iptables match based on source security context?
Daniel J Walsh
dwalsh at redhat.com
Fri Apr 15 16:23:55 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/15/2011 12:16 PM, Christoph A. wrote:
> Hi,
>
> I'd like to redirect traffic (for transparent proxying) coming from a
> program running in a sandbox_net_t (or sandbox_web_t) sandbox, but as
> far as I've seen there is no possibility to match/mark packets based on
> there local security context origin.
>
> Is that idea somehow possible?
>
> thanks,
> Christoph A.
>
>
>
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
I am not sure about proxying, but you can force all packets from the
sandbox to go to a proxy server and block them if they tried to go direct.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk2ocRoACgkQrlYvE4MpobOghQCfXCVcsFSlb7PLnvQoJnEVist5
sfoAnA2vNM1AWgwopCC+haney3Y7hdC6
=FJCo
-----END PGP SIGNATURE-----
More information about the selinux
mailing list