From: shazalive@gmail.com (Shaz)
Date: Mon, 17 May 2010 17:33:22 +0500
Subject: [refpolicy] A strange usecase
In-Reply-To: <1274098502.2093.2.camel@gorn.columbia.tresys.com>
References: <AANLkTims07JUhAD9T2KvEGHZauBW6etkgCUQFKTAD1OP@mail.gmail.com>
	<1274098502.2093.2.camel@gorn.columbia.tresys.com>
Message-ID: <AANLkTilfYQzJy9tTjcjGXULO5ELAh4XuxMmrC1zGk7gQ@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, May 17, 2010 at 5:15 PM, Christopher J. PeBenito
<cpebenito@tresys.com> wrote:
> On Mon, 2010-05-17 at 16:42 +0500, Shaz wrote:
>> How can we "make sure a guest user can only see traffic counters of
>> eth0 but not eth1"
>
> It is not possible. ?That info comes out of the /proc/net/dev proc file.
> All interfaces are in the same file, so you can either see all of the
> interfaces or none of the interfaces. ?This can be controlled by
> allowing or denying access to proc_net_t files.

Not even with iptables-selinux?

-- 
Shaz