

Network Contexts

The network object context configuration is contained in the net_contexts file. This configuration specifies the security contexts for port numbers, network interfaces, nodes, and NFS files. The types associated with these contexts are discussed in Section 3.3.7. These security contexts use the system_u user identity and the object_r role since they represent system objects.

By default, port numbers are labeled with the security context associated with the port initial SID. Separate security contexts are specified for port numbers that should be restricted to particular domains. Currently, security contexts are only defined for a few ports as examples. As discussed in Section 3.3.7, several of the types used in these security contexts can be reduced to a single inetd_port_t type.

The security contexts associated with the netif and netmsg initial SIDs are used by default for network interfaces. Separate security contexts can be specified for individual network interfaces to distinguish access to different interfaces. Currently, separate contexts are defined for the loopback interface, the eth0 interface, and the eth1 interface. However, these distinctions are not currently used by the TE configuration.

By default, the security context associated with the node initial SID is used for nodes. Separate security contexts can be specified for an address and mask pair to distinguish access to different nodes. Currently, separate contexts are defined for the localhost address and for all hosts with a particular prefix. However, these distinctions are not currently used by the TE configuration.

NFS filesystems and files are labeled with the security context associated with the nfs initial SID by default. Separate security contexts can be specified for an address and mask pair to distinguish access to different NFS servers.
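The default-versus-specific labeling described above for port numbers and nodes, as an added example that is not part of the original document or of the SELinux code. The entries are constructed; only inetd_port_t appears on this page, the other type names and the contexts given to the initial SIDs are hypothetical, and "first matching address and mask pair wins" is an assumption about ordering.

```python
import ipaddress

# Constructed sample entries. Only inetd_port_t is named on this page; the
# other type names, and the contexts given to the initial SIDs, are hypothetical.
INITIAL_SID = {"port": "system_u:object_r:port_t",
               "node": "system_u:object_r:node_t"}
PORTS = {("tcp", 21): "system_u:object_r:inetd_port_t",
         ("tcp", 23): "system_u:object_r:inetd_port_t"}
NODES = [  # (address, mask, context)
    ("127.0.0.1", "255.255.255.255", "system_u:object_r:node_lo_t"),
    ("192.0.2.0", "255.255.255.0", "system_u:object_r:node_internal_t"),
]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def port_context(proto, port):
    """Explicit entry if one exists, otherwise the port initial SID context."""
    return PORTS.get((proto, port), INITIAL_SID["port"])

def node_context(addr):
    """Context of the first address/mask pair covering addr (assumed order:
    first match wins), otherwise the node initial SID context."""
    for net, mask, ctx in NODES:
        if _ip(addr) & _ip(mask) == _ip(net):
            return ctx
    return INITIAL_SID["node"]

def lint():
    """Return problems that would make an entry mislabel or never match."""
    problems = []
    contexts = list(INITIAL_SID.values()) + list(PORTS.values())
    contexts += [ctx for _, _, ctx in NODES]
    for ctx in contexts:
        fields = ctx.split(":")
        if len(fields) != 3 or fields[:2] != ["system_u", "object_r"]:
            problems.append("not a system_u:object_r context: " + ctx)
    for net, mask, _ in NODES:
        if _ip(net) & _ip(mask) != _ip(net):
            problems.append("address has bits outside its mask: " + net)
    return problems

if __name__ == "__main__":
    print(lint())
    for a in ("127.0.0.1", "192.0.2.77", "198.51.100.5"):
        print(a, node_context(a))
    print(port_context("tcp", 23), port_context("tcp", 8080))
```

An address written with host bits outside its mask can never equal a masked lookup address, so every node it was meant to cover silently keeps the default node label; the lint step reports that case.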

