--
..Cheers
Mark
On 8/8/07, Forrest Taylor <ftaylor@xxxxxxxxxx> wrote:
That is one way to do it. If you run the semanage utility, it will
compile that information into the policy as well, and you don't have to
recompile the base policy.
Forrest
On Wed, 2007-08-08 at 13:21 -0400, Mark wrote:
> ok. Thanks.
>
> So I need to update corenetwork.te, recompile the policy, set the
> policy to the newly compiled one and reboot? Correct?
>
>
>
> --
> ..Cheers
> Mark
>
> On 8/8/07, Forrest Taylor <ftaylor@xxxxxxxxxx> wrote:
> You cannot. You need to run this as a separate command or build it
> into the base module (corenetwork.te).
>
> Forrest
>
> On Wed, 2007-08-08 at 13:12 -0400, Mark wrote:
> > Thanks for the information, but how could I add this to my .te file?
> >
> >
> > --
> > ..Cheers
> > Mark
> >
> > On 8/8/07, Forrest Taylor <ftaylor@xxxxxxxxxx> wrote:
> > On Wed, 2007-08-08 at 11:40 -0400, Mark wrote:
> > > I am new to writing policies and have been reading the reference
> > > policy files. I wrote a simple TCP server that listens on a port for
> > > connections. I would like to write a policy that will only allow my
> > > program to bind to a specific port (9999). I looked at the reference
> > > policy and see that the ports that programs are allowed to use are in
> > > policy/modules/kernel/corenetwork.te. My question is, can I specify
> > > the port in my program's type enforcement file so that I can make a
> > > module instead of listing this in the kernel policy? If so, what
> > > would the syntax be?
> >
> > portcon is only valid in the base module, not a normal loadable
> > module. The command to generate the port entry for the policy is
> > semanage. It should look something like the following:
> >
> > semanage port -a -t my_port_t -p tcp 9999
> >
> > Forrest
> >
> >
>
>
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
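
Added example (not part of the thread or of the reference policy): the split Forrest describes, with the port type and the name_bind rule kept in a loadable module and the port-to-type mapping added by semanage instead of portcon. my_port_t and port 9999 come from the thread; the domain myapp_t (assumed to be defined already by the server's own policy) and the module name myapp_port are assumptions.

```shell
#!/bin/sh
# Added example. my_port_t and tcp port 9999 come from the thread;
# myapp_t (the server's domain) and the module name are assumptions.

MODULE=myapp_port

# Write the loadable module source. It declares the port type and grants
# the bind permission; the port number itself is not mentioned here,
# because that mapping is only valid in the base module.
write_module() {
    dir=$1
    cat > "$dir/$MODULE.te" <<'EOF'
module myapp_port 1.0;

require {
    type myapp_t;
    attribute port_type;
    class tcp_socket name_bind;
}

type my_port_t, port_type;
allow myapp_t my_port_t:tcp_socket name_bind;
EOF
}

# Compile and load the module, then label the port with semanage and
# list the result. Run as root on an SELinux host; no reboot or base
# policy rebuild is involved.
install_module() {
    dir=$1
    checkmodule -M -m -o "$dir/$MODULE.mod" "$dir/$MODULE.te" &&
    semodule_package -o "$dir/$MODULE.pp" -m "$dir/$MODULE.mod" &&
    semodule -i "$dir/$MODULE.pp" &&
    semanage port -a -t my_port_t -p tcp 9999 &&
    semanage port -l | grep -w my_port_t
}

# Usage: write_module . && install_module .
```

The module has to be loaded before the semanage command runs, since semanage needs my_port_t to exist in the active policy.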