All of lore.kernel.org
 help / color / mirror / Atom feed
From: Andy Warner <warner@rubix.com>
To: SELinux List <selinux@tycho.nsa.gov>
Subject: Significance of the level on a port configuration
Date: Wed, 11 Mar 2009 18:44:51 +0100	[thread overview]
Message-ID: <49B7F893.9040706@rubix.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 541 bytes --]

Can someone give me a quick overview of the significance (i.e., the MLS 
behavior) of the port level for SELinux.

I am attempting to have two connection from untrusted hosts that are 
statically labeled (with netlabelctl) one at high (s0) and one at low 
(s1). Both connections will be made over the same port number. The 
service accepting the connections runs at SystemHigh on Fedora 9 with 
MLS policy. What difference does the level of the port make ? Assume all 
TE rules are satisfied for the context of my question.

Thanks,

Andy



[-- Attachment #2: Type: text/html, Size: 741 bytes --]

             reply	other threads:[~2009-03-11 17:45 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-03-11 17:44 Andy Warner [this message]
2009-03-11 17:47 ` Significance of the level on a port configuration Stephen Smalley
2009-03-12 15:07   ` Paul Moore
2009-03-12 15:09     ` Stephen Smalley
2009-03-12 15:24       ` Paul Moore

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=49B7F893.9040706@rubix.com \
    --to=warner@rubix.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.