Wart wrote:
Daniel J Walsh wrote:
allow crossfire_t port_t:udp_socket send_msg;
allow crossfire_t port_t:tcp_socket name_bind;
You need to define a port for this socket and only allow name_bind to
that port
I know I'm missing something obvious here, but which macro can I use to
add this restriction? I saw references to http_port_t and ntp_port_t in
corenetwork.if, but didn't see anything that actually defined it to be
port 80 (http) or port 123 (ntp).
policy/modules/kernel/corenetwork.te.in:
...
network_port(ntp, udp,123,s0)
...
network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0,
tcp,8009,s0)
---
Paul.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
