Simplicity is a form of art...

Network routing based on SELinux?
by Sven Vermeulen, post on Wed 21 August 2013

Today we had a question on #selinux about whether it was possible to route the traffic of a specific process using SELinux. The answer is "no", although this needs to be explained in a bit more detail.

SELinux does not route traffic. SELinux is a local mandatory access control system …

SECMARK and SELinux
by Sven Vermeulen, post on Mon 13 May 2013

When using SECMARK, the administrator configures the iptables or netfilter rules to add a label to the packet data structure (on the host itself) that can be governed through SELinux policies. Unlike peer labeling, here the labels assigned to the network traffic are completely locally defined. Consider the following command …