On Thu, 2005-04-14 at 17:31 -0400, Stephen Smalley wrote:
You can control network communication (loopback or otherwise) via the
permission checks between the sending socket security context and the
security contexts of the network interface, the destination host, and
the destination port. These are the netif and node tcp_send permissions
and the tcp_socket send_msg permission. Sockets are labeled in
accordance with the creating process, so you just need to define a
domain for eclipse.
BTW, these outbound network permission checks are described in
http://www.nsa.gov/selinux/papers/module/x2324.html
And going back to your original question, for INET communication, you
can't truly do process-to-process permission checks (or even socket-to-
peersocket permission checks) because we don't presently have labeled
networking support (i.e. labeled network buffers and packets). There
was experimental support for such labeled networking in the older
SELinux (courtesy of James Morris), but the necessary hooks and security
fields to support it were not accepted into Linux 2.6. Trent Jaeger of
IBM has more recently implemented implicit packet labeling via IPSEC
security associations for SELinux, but I don't think you need that for
what you describe; the existing permission checks based on network
interface, host, and port should be sufficient.
--
Stephen Smalley <sds(a)tycho.nsa.gov>
National Security Agency
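To make the outbound checks described above concrete, here is an added example (not from the thread or from any shipped policy) of a minimal SELinux type-enforcement fragment that defines a domain for eclipse and grants exactly the netif/node tcp_send and tcp_socket send_msg permissions Stephen names. It assumes the type names eclipse_t, eclipse_exec_t, user_t, lo_netif_t, node_lo_t and http_port_t; the domain and exec type are defined here, the others are assumed to exist in the surrounding policy.

```selinux
# Domain for the eclipse process and the type of its executable.
type eclipse_t, domain;
type eclipse_exec_t, file_type, exec_type;

# Sockets inherit the label of the creating process, so everything
# eclipse creates is checked as eclipse_t. Enter the domain when a
# user_t process executes a file labeled eclipse_exec_t (assumed type).
allow user_t eclipse_exec_t:file { getattr read execute };
allow user_t eclipse_t:process transition;
allow eclipse_t eclipse_exec_t:file entrypoint;
type_transition user_t eclipse_exec_t:process eclipse_t;

# Let eclipse create and use its own TCP sockets.
allow eclipse_t self:tcp_socket { create connect read write getopt setopt shutdown };

# Outbound path: the three checks are made against the sending socket's
# context (eclipse_t) and the interface, host and port the packet leaves on.
# 1) network interface: netif tcp_send on the loopback interface (assumed type)
allow eclipse_t lo_netif_t:netif tcp_send;
# 2) destination host: node tcp_send on the loopback node (assumed type)
allow eclipse_t node_lo_t:node tcp_send;
# 3) destination port: tcp_socket send_msg on the port type (assumed type)
allow eclipse_t http_port_t:tcp_socket send_msg;

# Anything not listed above (another interface, host or port) is denied and
# logged as an avc: denied message for the missing netif, node or
# tcp_socket permission, which is how you confirm the confinement is working.
```

Receiving replies on the same connection requires the corresponding tcp_recv (netif, node) and recv_msg (tcp_socket) permissions, which are inbound checks and are not covered by the message above.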