On May 31, 2007, at 12:15 PM, Stephen Smalley wrote:
On Thu, 2007-05-31 at 10:58 -0500, Joe Nall wrote:
I would like to label an ethernet interface so that all of the
inbound connections are labeled with a range.
semanage interface -a -t netif_t --range S-S eth1
succeeds, but getpeercon fails with "Protocol not available"
Is there any way to do this with what is in evaluation?
getpeercon() only returns a context if a labeled networking mechanism
was used; we don't implicitly convey the netif label or secmark label to
it. So if you want a default labeling behavior, that has to be done in
your application, e.g. the application would fall back to some default
if getpeercon() failed.
Can you point me at the API to query the netif label?
joe
--
redhat-lspp mailing list
https://www.redhat.com/mailman/listinfo/redhat-lspp