Paul Howarth wrote:
> Wart wrote:
>
>> Daniel J Walsh wrote:
>>
>>> allow crossfire_t port_t:udp_socket send_msg;
>>> allow crossfire_t port_t:tcp_socket name_bind;
>>> You need to define a port for this socket and only allow name_bind to
>>> that port
>>
>>
>> I know I'm missing something obvious here, but which macro can I use to
>> add this restriction? I saw references to http_port_t and ntp_port_t in
>> corenetwork.if, but didn't see anything that actually defined it to be
>> port 80 (http) or port 123 (ntp).
>
>
> policy/modules/kernel/corenetwork.te.in:
>
> ...
> network_port(ntp, udp,123,s0)
> ...
> network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0,
> tcp,8009,s0)

Thanks. This is just what I needed. I could have sworn that this syntax
was working for me earlier today, but now I keep getting syntax errors
on FC5:

+ make -f /usr/share/selinux/devel/Makefile
cat: /selinux/mls: No such file or directory
Compiling targeted crossfire module
crossfire.te:67:ERROR 'syntax error' at token 'network_port' on line 59707:
## Networking basics (adjust to your needs!)
network_port(crossfire, tcp,13327,s0)
/usr/bin/checkmodule: error(s) encountered while parsing configuration
/usr/bin/checkmodule: loading policy configuration from tmp/crossfire.tmp
make: *** [tmp/crossfire.mod] Error 1

Is there something else that I need to include to be able to use
network_port()?

--Wart

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
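As an added example (not code from the thread or from the crossfire package), here is how a loadable policy module can express the restriction Daniel describes without calling network_port(), which is a base-policy macro and therefore unknown to checkmodule when it appears in a module. It assumes the reference-policy interfaces corenet_port() and corenet_tcp_bind_generic_node() and a crossfire_exec_t entry-point type, none of which appear in the original message.

```selinux
# Added example: restrict name_bind to one dedicated port type instead of
# the generic port_t. Assumes corenet_port() and
# corenet_tcp_bind_generic_node() exist in the installed corenetwork.if;
# older trees used a different name for the node interface, so check yours.
policy_module(crossfire, 1.0)

type crossfire_t;
type crossfire_exec_t;
init_daemon_domain(crossfire_t, crossfire_exec_t)

# A module can declare a port TYPE, but the port NUMBER -> type mapping
# (what network_port() does in corenetwork.te.in) lives only in the base
# policy. After "semodule -i crossfire.pp", attach the number with:
#   semanage port -a -t crossfire_port_t -p tcp 13327
type crossfire_port_t;
corenet_port(crossfire_port_t)

# Socket lifecycle on the daemon's own sockets and binding to a node.
allow crossfire_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_bind_generic_node(crossfire_t)

# Replaces "allow crossfire_t port_t:tcp_socket name_bind;":
# the domain may bind only to ports labelled crossfire_port_t,
# not to every port carrying the generic port_t label.
allow crossfire_t crossfire_port_t:tcp_socket name_bind;
```

Until the semanage step runs, 13327 still carries the generic port_t label and the bind is denied, which is the expected fail-closed behaviour and is visible in the AVC log.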