On 10/10/2018 07:57 AM, Ville Baillie wrote:
Hi,

Does SELinux provide any sort of mechanism for blocking exec on commands
based on their command line arguments?

The proposed use case goes a little like this: allow 'wget' to access
'http://good-server-1/*' and 'http://good-server-2/*' but block access to
other hostnames and log the access type.

I understand there are probably other ways to achieve this but am wondering
if it is possible just using SELinux?

Not based on command line arguments, no. If you wanted to provide SELinux-based control over the network traffic, you could configure iptables SECMARK rules.
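
A sketch of the SECMARK approach mentioned in the reply, as an added example that is not part of the original thread. Assumptions: the two addresses are constructed documentation addresses standing in for good-server-1 and good-server-2, and wget_t, good_http_packet_t and other_http_packet_t are hypothetical names that a local policy module would have to define (with wget confined to its own domain).

```shell
#!/bin/sh
# Dry run: prints the iptables commands; pipe the output to sh as root to apply.
# Constructed sample values, not taken from the thread:
GOOD_SERVERS="192.0.2.10 198.51.100.20"                 # stand-ins for good-server-1/2
GOOD_CTX="system_u:object_r:good_http_packet_t:s0"      # hypothetical packet type
OTHER_CTX="system_u:object_r:other_http_packet_t:s0"    # hypothetical packet type

secmark_rules() {
    # 1. Default label for every new outbound HTTP connection.
    echo "iptables -t mangle -A OUTPUT -p tcp --dport 80 -m state --state NEW -j SECMARK --selctx $OTHER_CTX"
    # 2. SECMARK does not stop rule traversal, so these later, more specific
    #    rules overwrite the default label for the allowed servers.
    for ip in $GOOD_SERVERS; do
        echo "iptables -t mangle -A OUTPUT -p tcp -d $ip --dport 80 -m state --state NEW -j SECMARK --selctx $GOOD_CTX"
    done
    # 3. Copy the label to the connection, then restore it on every later
    #    packet of that connection in both directions.
    echo "iptables -t mangle -A OUTPUT -p tcp --dport 80 -m state --state NEW -j CONNSECMARK --save"
    echo "iptables -t mangle -A OUTPUT -m state --state ESTABLISHED,RELATED -j CONNSECMARK --restore"
    echo "iptables -t mangle -A INPUT -m state --state ESTABLISHED,RELATED -j CONNSECMARK --restore"
}

# Policy side (SELinux policy language, shown as comments; names hypothetical):
#   allow wget_t good_http_packet_t:packet { send recv };
#   # No allow rule for other_http_packet_t: a send from wget_t to any other
#   # server is denied and recorded as an AVC denial with tclass=packet.
#   # The domain that loads these iptables rules needs packet:relabelto on
#   # both packet types.

secmark_rules
```

SECMARK rules match on addresses and ports, so the allowed servers have to be expressed as IP addresses; hostnames and URL paths are not visible at this layer.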

