
How can I configure SELinux to force application packets through an iptables/nftables chain?

0 votes
0 answers
38 views
For context, I am using cake-qos-simple on my router which is a QoS script to prioritize certain traffic between my LAN and WAN. On my Windows machine, I can DSCP tag all packets for any particular application by EXE name (such as a game) and my router will ensure that my game packets will always be prioritized to the WAN over all other traffic. This ensures I never see any latency spikes for my game. I'm looking to achieve a similar setup on Linux.

On [reddit](https://old.reddit.com/r/networking/comments/bkki89/application_based_ip_packet_filtering_with_ubuntu/), someone mentioned a potential solution:

> One thing I can think of is SELinux. Theoretically, if you were to assign network security context to each application, you could use the SECMARK module in iptables to shove all packets originating from a particular security context into a specific chain (for example, have a chain just for Firefox). Then the Firefox chain sets the DSCP field, does any other filtering you want, and forwards.

Is this feasible? I don't know as much about SELinux so I was wondering if anyone had more insight before I spend time learning SELinux.
Asked by Michael John (1 rep)
Jul 3, 2025, 11:47 PM
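An added example, not from the question or the Reddit thread: the per-application "chain that sets DSCP" described above, written as an nftables ruleset. It swaps in a different selector than the one proposed: nftables has no match on the sending process's SELinux context (SECMARK labels a packet so that SELinux policy can allow or deny `packet { send recv }` for a domain, it does not identify the sender), so the application is identified by the cgroup v2 slice its sockets belong to. The slice name `game.slice` and the DSCP class CS4 are assumed values.

```nft
#!/usr/sbin/nft -f
# Constructed example ruleset; load with: nft -f app-qos.nft
# Assumes the application runs under the system-level cgroup v2 slice
# "game.slice", e.g. started with:
#   sudo systemd-run --slice=game.slice --uid="$USER" /path/to/game
# (with --user the path would start at user.slice and the level would differ).

table inet app_qos {
    chain output {
        # Mark locally generated packets before routing/queueing decisions
        type filter hook output priority mangle; policy accept;

        # Sockets whose cgroup's first-level ancestor is game.slice:
        # set the DSCP field (CS4 here; use the class cake-qos-simple expects)
        socket cgroupv2 level 1 "game.slice" ip dscp set cs4 counter
        socket cgroupv2 level 1 "game.slice" ip6 dscp set cs4 counter
    }
}
```

Verify the match with `nft list ruleset` while the application generates traffic: the `counter` on each rule should increase only for that slice, and a packet capture on the WAN-facing interface should show the DSCP value on those packets alone.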