I was trying to understand selinux better and was looking through the policy sources and noticed that out of the loopback address space only 127.0.0.1 was given a local node type with the following: nodecon 127.0.0.1 255.255.255.255 system_u:object_r:node_lo_t I would have expected a netmask of 255.0.0.0 in the above. Is this a trade off of mistakes when people use a nonstandard network mask for loopback versus potentially having to modify the policy when running services on loopback addresses other than 127.0.0.1? (Which one might want to do to reuse a standard port number when providing local services.)
