Secure Networking With SELinux
Source: SecurityBlog::Brindle - Posted by Bill Keys   
SELinux During the last year quite a bit of effort has gone into improving SELinux’ networking support, thanks to the great SELinux community. While this support is still evolving it will be very beneficial for people to try it out and give feedback so the final result is useful to more users and meets the security needs of a wider audience. As the network support in SELinux continues to evolve (there are already other ideas being discussed for possible inclusion) I’ll try to keep this post updated so that people who find it will have the latest information available.

Network support in SELinux means many things. In the old days (“old days” is very relative since it was only a few kernel releases back at this point) SELinux had fine grained network access control by way of many object classes. These object classes were netif (network interfaces), node (network addresses) and a handful of socket object classes (such as tcp_socket, udp_socket, rawip_socket and so on).

Read this full article at SecurityBlog::Brindle

Only registered users can write comments.
Please login or register.

Powered by AkoComment!