From: shazalive@gmail.com (Shaz)
Date: Mon, 17 May 2010 17:33:22 +0500
Subject: [refpolicy] A strange usecase
In-Reply-To: <1274098502.2093.2.camel@gorn.columbia.tresys.com>
References: <1274098502.2093.2.camel@gorn.columbia.tresys.com>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, May 17, 2010 at 5:15 PM, Christopher J. PeBenito wrote:
> On Mon, 2010-05-17 at 16:42 +0500, Shaz wrote:
>> How can we "make sure a guest user can only see traffic counters of
>> eth0 but not eth1"
>
> It is not possible. That info comes out of the /proc/net/dev proc file.
> All interfaces are in the same file, so you can either see all of the
> interfaces or none of the interfaces. This can be controlled by
> allowing or denying access to proc_net_t files.

Not even with iptables-selinux?

--
Shaz
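
The point quoted above about /proc/net/dev, as an added example that is not part of the original thread: a single read of the file returns the counters for every interface, so a file-level allow or deny on proc_net_t cannot separate eth0 from eth1. The function names and the sample text are assumptions constructed for this illustration.

```python
"""Added example: one read of /proc/net/dev yields every interface's counters."""

# Constructed sample in the /proc/net/dev layout; all counter values are made up.
SAMPLE = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    4096      32    0    0    0     0          0         0     4096      32    0    0    0     0       0          0
  eth0: 1500000    1200    0    0    0     0          0         0   300000     900    0    0    0     0       0          0
  eth1:98765432   65000    0    0    0     0          0         0 12345678   41000    0    0    0     0       0          0
"""


def parse_proc_net_dev(text):
    """Return {interface: {counter_name: value}} for /proc/net/dev content."""
    lines = text.splitlines()
    # The second header line names the columns: " face |<rx columns>|<tx columns>".
    _, rx_cols, tx_cols = lines[1].split("|")
    names = ["rx_" + c for c in rx_cols.split()] + ["tx_" + c for c in tx_cols.split()]
    table = {}
    for line in lines[2:]:
        # The name can be fused to the first number ("eth1:98765432"), so split on ":".
        iface, sep, values = line.partition(":")
        if not sep:
            continue  # skip blank or malformed lines
        table[iface.strip()] = dict(zip(names, map(int, values.split())))
    return table


def interfaces_exposed(text):
    """Interfaces whose counters a reader of the file obtains in one read."""
    return sorted(parse_proc_net_dev(text))


if __name__ == "__main__":
    try:
        with open("/proc/net/dev") as fh:  # the real file on a Linux host
            content = fh.read()
    except OSError:
        # Not Linux, or the read was denied: fall back to the constructed sample.
        content = SAMPLE
    for iface in interfaces_exposed(content):
        row = parse_proc_net_dev(content)[iface]
        print(f"{iface}: rx_bytes={row['rx_bytes']} tx_bytes={row['tx_bytes']}")
```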