You cannot. You need to run this as a separate command or build it into the base module (corenetwork.te). Forrest On Wed, 2007-08-08 at 13:12 -0400, Mark wrote: > thanks for the information, but how could I add this to my .te file? > > > -- > ..Cheers > Mark > > On 8/8/07, Forrest Taylor <ftaylor@xxxxxxxxxx> wrote: > On Wed, 2007-08-08 at 11:40 -0400, Mark wrote: > > I am new to writing policies and have been reading the > reference > > policy files. I wrote a simple TCP server that listens on a > port for > > connections. I would like to write a policy that will only > allow my > > program to bind to a specific port(9999). I looked at the > reference > > policy and see that the ports that programs are allowed to > use is in > > policy/modules/kernel/corenetwork.te. My questions is, can > I specify > > the port in my programs type enforcement file so that I can > make a > > module instead of listing this in the kernel policy? If so, > what > > would the syntax be? > > portcon is only valid in the base module, not a normal > loadable module. > The command to generate the port entry for the policy is > semanage. It > should look something like the following: > > semanage port -a -t my_port_t -p tcp 9999 > > Forrest > >
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
