Simplicity is a form of art...

Network routing based on SELinux?
by Sven Vermeulen, post on Wed 21 August 2013

Today we had a question on #selinux about whether it was possible to route traffic of a specific process using SELinux. The answer to this is "no", although it has to be explained in a bit more detail.

SELinux does not route traffic. SELinux is a local mandatory access control system …

SELinux policy and network controls
by Sven Vermeulen, post on Sat 11 May 2013

Let's talk about how SELinux governs network streams (and how it reflects this into the policy).

When you don't do fancy stuff like SECMARK or netlabeling, then the classes that you should keep an eye on are tcp_socket and udp_socket (depending on the protocol). There used to be …