On Tue, 2008-04-22 at 15:42 -0400, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Chuck Anderson wrote: > > On Tue, Apr 22, 2008 at 03:21:35PM -0400, Daniel J Walsh wrote: > >> TCP Port 22 is labeled ssh_port_t. > > > > For TCP, yes. I need SCTP, a different IP protocol. > > > > -- > > fedora-selinux-list mailing list > > fedora-selinux-list@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list > > I have no idea if this is handled SCTP Are you seeing AVC messages? Should show up as name_bind checks on port_t:rawip_socket, as per: http://marc.info/?l=fedora-selinux-list&m=112806295900352&w=2 Policy toolchain doesn't presently allow specification of port contexts for anything other than udp or tcp, although I think the kernel side would support it just fine. So we'd need to update libsepol/libsemanage first, then adjust seobject.py to recognize "sctp". Along with checkpolicy. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
