--
..Cheers
Mark
On 8/8/07, Forrest Taylor <ftaylor@xxxxxxxxxx> wrote:
On Wed, 2007-08-08 at 11:40 -0400, Mark wrote:
> I am new to writing policies and have been reading the reference
> policy files. I wrote a simple TCP server that listens on a port for
> connections. I would like to write a policy that will only allow my
> program to bind to a specific port (9999). I looked at the reference
> policy and see that the ports that programs are allowed to use are in
> policy/modules/kernel/corenetwork.te. My question is, can I specify
> the port in my program's type enforcement file so that I can make a
> module instead of listing this in the kernel policy? If so, what
> would the syntax be?
portcon is only valid in the base module, not a normal loadable module.
The command to generate the port entry for the policy is semanage. It
should look something like the following:

    semanage port -a -t my_port_t -p tcp 9999

Forrest
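
Added example, not part of the thread and not code from the reference policy: a loadable module that pairs with the semanage command in the reply. It declares my_port_t as a port type and allows a server domain to bind only to ports carrying that type. The module name myserver and the domain myserver_t are assumptions; the domain is taken to be defined elsewhere in your policy.

```selinux
# myserver.te (hypothetical file name) -- port-binding part of the policy.
module myserver 1.0.0;

require {
	# Assumed: the server's domain already exists in the loaded policy.
	type myserver_t;
	# Attribute the base policy gives to every port type; semanage expects
	# the type passed to "port -t" to be a port type.
	attribute port_type;
	class tcp_socket name_bind;
}

# The type can be declared in a loadable module. Only the port-to-type
# mapping (portcon) has to live in the base module, which is why that
# mapping is added with semanage instead of being written here.
type my_port_t, port_type;

# name_bind is checked against the type of the port being bound. With this
# as the domain's only name_bind rule, binding to a port labelled with any
# other type is denied. The remaining socket permissions (create, bind,
# listen, accept, node_bind) are assumed to be granted elsewhere.
allow myserver_t my_port_t:tcp_socket name_bind;

# Build and load the module first, so that my_port_t exists when semanage
# is asked to use it:
#   checkmodule -M -m -o myserver.mod myserver.te
#   semodule_package -o myserver.pp -m myserver.mod
#   semodule -i myserver.pp
#
# Then label the port (command from the reply above) and confirm it:
#   semanage port -a -t my_port_t -p tcp 9999
#   semanage port -l | grep my_port_t
```

The restriction only holds if myserver_t has no broader name_bind rule from another module; sesearch can list the domain's name_bind rules to confirm that.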