That is one way to do it. If you run the semanage utility, it will compile that information into the policy as well, and you don't have to recompile the base policy.

Forrest

On Wed, 2007-08-08 at 13:21 -0400, Mark wrote:
> ok. Thanks.
>
> So I need to update corenetwork.te, recompile the policy, set the
> policy to the newly compiled one and reboot? Correct?
>
> --
> ..Cheers
> Mark
>
> On 8/8/07, Forrest Taylor <ftaylor@xxxxxxxxxx> wrote:
>         You cannot. You need to run this as a separate command or
>         build it into the base module (corenetwork.te).
>
>         Forrest
>
>         On Wed, 2007-08-08 at 13:12 -0400, Mark wrote:
>         > thanks for the information, but how could I add this to
>         > my .te file?
>         >
>         > --
>         > ..Cheers
>         > Mark
>         >
>         > On 8/8/07, Forrest Taylor <ftaylor@xxxxxxxxxx> wrote:
>         >         On Wed, 2007-08-08 at 11:40 -0400, Mark wrote:
>         >         > I am new to writing policies and have been reading the
>         >         > reference policy files. I wrote a simple TCP server that
>         >         > listens on a port for connections. I would like to write
>         >         > a policy that will only allow my program to bind to a
>         >         > specific port (9999). I looked at the reference policy
>         >         > and see that the ports that programs are allowed to use
>         >         > are in policy/modules/kernel/corenetwork.te. My question
>         >         > is, can I specify the port in my program's type
>         >         > enforcement file so that I can make a module instead of
>         >         > listing this in the kernel policy? If so, what would the
>         >         > syntax be?
>         >
>         >         portcon is only valid in the base module, not a normal
>         >         loadable module. The command to generate the port entry
>         >         for the policy is semanage. It should look something like
>         >         the following:
>         >
>         >         semanage port -a -t my_port_t -p tcp 9999
>         >
>         >         Forrest
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
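An added example, not part of the original thread: the split the replies describe, with the port type and the name_bind rule in a loadable module, the port mapping added by semanage, and a check of the resulting label. The domain myserver_t, the module name myserver_port and the file names are hypothetical, and the sample `semanage port -l` output is constructed.

```shell
#!/bin/sh
# Write a loadable module that declares my_port_t and lets the server bind to it.
# No portcon here: that statement is only valid in the base module.
write_module() {  # usage: write_module myserver_port.te
    cat > "$1" <<'EOF'
module myserver_port 1.0;

require {
    attribute port_type;
    type myserver_t;            # hypothetical server domain, defined elsewhere
    class tcp_socket name_bind;
}

type my_port_t, port_type;
allow myserver_t my_port_t:tcp_socket name_bind;
EOF
}

# Build and load the module, then map tcp/9999 to the new type (run as root).
# The module must be loaded first so that my_port_t exists when semanage runs.
install_policy() {
    checkmodule -M -m -o myserver_port.mod myserver_port.te &&
    semodule_package -o myserver_port.pp -m myserver_port.mod &&
    semodule -i myserver_port.pp &&
    semanage port -a -t my_port_t -p tcp 9999
}

# Print the type(s) labelling a port. usage: semanage port -l | port_label tcp 9999
# Handles comma-separated lists and lo-hi ranges in the "Port Number" column.
port_label() {
    awk -v proto="$1" -v port="$2" '
    $2 == proto {
        for (i = 3; i <= NF; i++) {
            p = $i; sub(/,$/, "", p)
            n = split(p, r, "-")
            lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (port + 0 >= lo && port + 0 <= hi) print $1
        }
    }'
}

# Constructed sample in the layout of `semanage port -l`, for offline checking.
SAMPLE='SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
my_port_t                      tcp      9999
xserver_port_t                 tcp      6000-6020'
```

On the SELinux host, `semanage port -l | port_label tcp 9999` should print `my_port_t` once `install_policy` has completed.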