Why is only 127.0.0.1 (out of 127.0.0.0/8) a node_lo_t in policy?

I was trying to understand SELinux better and was looking through the
policy sources and noticed that out of the loopback address space only
127.0.0.1 was given a local node type with the following:
nodecon 127.0.0.1         255.255.255.255        system_u:object_r:node_lo_t

I would have expected a netmask of 255.0.0.0 in the above.

Is this a trade-off of mistakes when people use a nonstandard network
mask for loopback versus potentially having to modify the policy when
running services on loopback addresses other than 127.0.0.1? (Which one
might want to do to reuse a standard port number when providing local
services.)
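
Added example, not part of the original post: a small model of how an IPv4 address is compared against nodecon entries, contrasting the 255.255.255.255 mask quoted above with the 255.0.0.0 mask the poster expected. The first-match rule, the `node_t` fallback label, the 127.0.0.0 base address in the second entry and all function names are assumptions of this sketch.

```python
import ipaddress

# Assumed fallback label for addresses that match no nodecon entry.
DEFAULT = "system_u:object_r:node_t"

def parse_nodecon(line):
    """Parse 'nodecon <addr> <mask> <context>' into (addr, mask, context)."""
    keyword, addr, mask, context = line.split()
    if keyword != "nodecon":
        raise ValueError("not a nodecon statement: %r" % line)
    return (int(ipaddress.IPv4Address(addr)),
            int(ipaddress.IPv4Address(mask)),
            context)

def node_context(address, nodecons, default=DEFAULT):
    """Return the context of the first entry whose masked address matches."""
    a = int(ipaddress.IPv4Address(address))
    for addr, mask, context in nodecons:
        if (a & mask) == (addr & mask):
            return context
    return default

# The statement quoted in the post: a host mask, so exactly one address.
AS_SHIPPED = [parse_nodecon(
    "nodecon 127.0.0.1 255.255.255.255 system_u:object_r:node_lo_t")]

# Hypothetical variant with the mask the poster expected (whole 127/8 block).
WHOLE_BLOCK = [parse_nodecon(
    "nodecon 127.0.0.0 255.0.0.0 system_u:object_r:node_lo_t")]

def compare(addresses):
    """Map each address to (context as shipped, context with the /8 mask)."""
    return {a: (node_context(a, AS_SHIPPED), node_context(a, WHOLE_BLOCK))
            for a in addresses}

if __name__ == "__main__":
    # Constructed sample addresses: two loopback, one outside 127.0.0.0/8.
    for addr, (shipped, wide) in compare(
            ["127.0.0.1", "127.0.0.2", "128.0.0.1"]).items():
        print("%-10s shipped=%s  /8=%s" % (addr, shipped, wide))
```

With the host mask, a service bound to 127.0.0.2 falls through to the fallback label, so rules written for `node_lo_t` would not cover it.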

