Joe Nall wrote:
> If the secid reconciliation patches don't make RH5, will localhost
> IP connections have MLS policy applied?

Just a second while I get my dead-horse-beating-mallets out of my desk drawer ... there we go.

NetLabel, which *should* be present in RHEL5 with full support, works without problem over localhost. This means that, if NetLabel is configured for the sending domain, packets sent to/over/through the localhost interface will carry MLS attributes and will have MLS policy applied as one would expect. NetLabel doesn't carry the full context (yet, but that's a different topic altogether) so you will still have to deal with the context having "unlabeled_t" for a type but considering that most MLS aware apps (I'm thinking of xinetd right now) are probably not going to care about the TE portion of the context it probably isn't too big a deal right now.

--
paul moore
linux security @ hp

--
redhat-lspp mailing list
https://www.redhat.com/mailman/listinfo/redhat-lspp
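The point in the reply above about MLS-aware applications ignoring the TE portion of a NetLabel peer context, as an added example that is not part of the original message or of any project it mentions. The function names, the service range and the sample peer context are assumptions constructed for illustration.

```python
import re

def parse_context(ctx):
    """Split user:role:type:mls; the MLS field may itself contain ':'."""
    user, role, setype, mls = ctx.split(":", 3)
    return user, role, setype, mls

def parse_level(level):
    """Turn 's2:c1,c4.c6' into (2, {1, 4, 5, 6})."""
    sens, _, cats = level.partition(":")
    m = re.fullmatch(r"s(\d+)", sens)
    if not m:
        raise ValueError("bad sensitivity: %r" % sens)
    out = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")   # 'c4.c6' is an inclusive run
        first = int(lo[1:])
        last = int(hi[1:]) if hi else first
        out.update(range(first, last + 1))
    return int(m.group(1)), out

def dominates(a, b):
    """a dominates b: sensitivity at least as high, categories a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

def peer_allowed(peer_ctx, service_range):
    """Accept a peer whose level lies inside the service's low-high range.

    Only the MLS field is examined. The type is deliberately ignored,
    because with NetLabel it is "unlabeled_t" whoever the sender was.
    """
    _, _, _, mls = parse_context(peer_ctx)
    peer = parse_level(mls.partition("-")[0])
    lo, _, hi = service_range.partition("-")
    low, high = parse_level(lo), parse_level(hi or lo)
    return dominates(peer, low) and dominates(high, peer)

# Constructed sample: the kind of context a peer-label lookup might
# return for a NetLabel-labeled localhost connection.
SAMPLE_PEER = "system_u:object_r:unlabeled_t:s2:c1,c5"

if __name__ == "__main__":
    for rng in ("s0-s3:c0.c10", "s0-s1:c0.c10", "s0-s3:c0.c4"):
        print(rng, peer_allowed(SAMPLE_PEER, rng))
```
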
