bittorrent in core? what frontend?

Stephen Pollei stephen_pollei at comcast.net
Sat Dec 17 21:10:22 UTC 2005


On Sat, 2005-12-17 at 12:12, Callum Lerwick wrote:

> Actually, when you're talking about processes on the local machine,
> firewall rules are a totally hackish way of going about this.
Actually it's having to dynamically alter your policy, because of the
weakness of its expression, that is hacky. Between selinux and netfilter
you should be able to precisely state your policy.

The only thing is his UPnP Internet Gateway Device (IGD) controller via
Dbus should be a userland process and this deputy should be able to
inspect the selinux domain of the requesting process and base its
decisions on that as well.

> What you want to do, is have some kind of local ACL that says what
> processes and users can bind to what ports. 

> Can selinux do this? If not, it should.
In theory yes. Of course, some people are disabling even the targeted
policy, and the strict policy might not yet be ready for primetime.
You'd need the strict policy if you don't want most users' processes
running as unconfined_t.

How is the work on getting strict policy working well going anyway?

http://www.netfilter.org/
http://www.nsa.gov/selinux/
http://selinux.sourceforge.net/

http://www.knoxscape.com/Upnp/NAT.htm
http://www.microsoft.com/technet/prodtechnol/winxppro/support/upnp01.mspx
http://en.wikipedia.org/wiki/Internet_Gateway_Device
http://www.upnp.org/standardizeddcps/igd.asp

-- 
http://dmoz.org/profiles/pollei.html
http://sourceforge.net/users/stephen_pollei/
http://www.orkut.com/Profile.aspx?uid=2455954990164098214
http://stephen_pollei.home.comcast.net/
http://www.biglumber.com/x/web?sn=Stephen+Pollei
https://keyserver-beta.pgp.com/vkd/DownloadKey.event?keyid=0x910F6BB54A7D9677
GPG Key fingerprint = EF6F 1486 EC27 B5E7 E6E1  3C01 910F 6BB5 4A7D 9677
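
Added example, not part of the original message or of any Fedora or SELinux project code: a sketch of the deputy described above, which reads the requesting process's SELinux context from the kernel (SO_PEERSEC on a connected Unix socket) and grants a port-forward request only if that process's type is allowed that port. The allowlist, its type names and the function names are hypothetical and constructed for illustration.

```c
#include <string.h>
#include <sys/socket.h>
#ifndef SO_PEERSEC
#define SO_PEERSEC 31  /* Linux asm-generic value; hidden by strict -std= builds */
#endif

/* Constructed allowlist: SELinux type -> ports it may request.
   The type names are hypothetical, not from any shipped policy. */
struct rule { const char *type; unsigned lo, hi; };
static const struct rule rules[] = {
    { "bittorrent_t", 6881, 6889 }, { "voip_client_t", 5060, 5061 } };

/* Copy the type field (3rd of user:role:type[:level]) into out.
   Returns 0 on success, -1 if the context is malformed or too long. */
int selinux_type_of(const char *ctx, char *out, size_t outlen)
{
    const char *p = ctx;
    for (int i = 0; i < 2; i++) {       /* skip the user and role fields */
        if (!(p = strchr(p, ':'))) return -1;
        p++;
    }
    size_t n = strcspn(p, ":");         /* an MLS level may add more ':' */
    if (n == 0 || n >= outlen) return -1;
    memcpy(out, p, n); out[n] = '\0';
    return 0;
}

/* Default deny: 1 only if the requester's type has a rule covering port. */
int deputy_allows(const char *ctx, unsigned port)
{
    char type[64];
    if (selinux_type_of(ctx, type, sizeof type) != 0) return 0;
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        if (strcmp(type, rules[i].type) == 0 &&
            port >= rules[i].lo && port <= rules[i].hi)
            return 1;
    return 0;
}

/* Kernel-reported context of the peer on a connected Unix socket, so the
   requester cannot lie about it; -1 when no LSM labels the peer. */
int peer_context(int fd, char *buf, socklen_t len)
{
    if (len < 2) return -1;
    len--;                              /* keep room for a terminator */
    if (getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &len) < 0) return -1;
    buf[len] = '\0';
    return 0;
}
```

A process running as unconfined_t gets no forwarding under this table, which is why the decision is only as fine-grained as the policy that assigns the types.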