Re: only allow 1 port for listening

You cannot.  You need to run this as a separate command or build it into
the base module (corenetwork.te).

Forrest

On Wed, 2007-08-08 at 13:12 -0400, Mark wrote:
> thanks for the information, but how could I add this to my .te file?
> 
> 
> -- 
> ..Cheers
> Mark 
> 
> On 8/8/07, Forrest Taylor <ftaylor@xxxxxxxxxx> wrote:
>         On Wed, 2007-08-08 at 11:40 -0400, Mark wrote:
>         > I am new to writing policies and have been reading the reference
>         > policy files.  I wrote a simple TCP server that listens on a port for
>         > connections.  I would like to write a policy that will only allow my
>         > program to bind to a specific port (9999).  I looked at the reference
>         > policy and see that the ports that programs are allowed to use are in
>         > policy/modules/kernel/corenetwork.te.  My question is, can I specify
>         > the port in my program's type enforcement file so that I can make a
>         > module instead of listing this in the kernel policy?  If so, what
>         > would the syntax be?
>
>         portcon is only valid in the base module, not a normal loadable module.
>         The command to generate the port entry for the policy is semanage.  It
>         should look something like the following:
>
>         semanage port -a -t my_port_t -p tcp 9999
>
>         Forrest
> 


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
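
A check that could follow the semanage command quoted in the thread, as an added example that is not part of the original messages: it reads a listing in the layout `semanage port -l` prints and reports which port type covers a given port, so the label on tcp 9999 can be confirmed. The function names and the sample listing are constructed for illustration; `my_port_t` is the type name used in the thread.

```shell
#!/bin/sh
# Added example: report which SELinux port type(s) cover a given port.

# Constructed sample in the layout `semanage port -l` prints (not real output).
sample_port_list() {
    cat <<'EOF'
SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
my_port_t                      tcp      9999
syslogd_port_t                 udp      514
xserver_port_t                 tcp      6000-6020
EOF
}

# port_types PROTO PORT: reads a listing on stdin, prints each matching type.
port_types() {
    awk -v proto="$1" -v port="$2" '
        NF < 3 || $2 != proto { next }      # header, blank lines, other protocol
        {
            # Fields 3..NF are the port list: single ports or lo-hi ranges.
            for (i = 3; i <= NF; i++) {
                entry = $i
                sub(/,$/, "", entry)
                n = split(entry, r, "-")
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# port_has_type TYPE PROTO PORT: exit status 0 only if TYPE covers the port.
port_has_type() {
    port_types "$2" "$3" | grep -qx "$1"
}

# On a live system, pipe the real listing instead of the sample:
#   semanage port -l | port_types tcp 9999
sample_port_list | port_types tcp 9999
```
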
