Dominick Grift wrote:
: I think corenet_reserved_port() is what you are looking for.
:

Thanks for the hint. It is _almost_ exactly as you wrote, except:

: # Declarations
:
: type my_port_t;
: corenet_reserved_port(my_port_t)
:
: # Policy
:
: corenet_all_recvfrom_unlabeled($1)
: corenet_all_recvfrom_netlabel($1)
: corenet_tcp_sendrecv_generic_if($1)
: corenet_tcp_sendrecv_generic_node($1)
: corenet_tcp_sendrecv_all_ports($1)
- corenet_tcp_bind_generic_node($1)
+ corenet_tcp_bind_inadrr_any_node($1)
: allow $1 my_port_t:tcp_socket name_bind;
+ allow $1 self:capability net_bind_service;
+ allow $1 self:tcp_socket create_stream_socket_perms;
: #EOF
:
: sudo semanage port -a -t my_port_t -p tcp 40

I would however like to have a really-high-level macro (or two) to do the above - I guess this is what many users would like to do - saying "this context belongs to my port", and "this domain can run a TCP server on this port". The similar way how the files_pid_file() and files_pid_filetrans() macros allow for the "I want to have my own PID file in /var/run" case.

Would it be acceptable to submit this as a patch for inclusion in the upstream policy? I would like to have other things included upstream as well - for example, now I have policy bits for Perl: file contexts for /usr/bin/perl* and /usr/lib{,64}/perl5/*, and an interface macro for saying "this domain can run Perl scripts".

Thanks,

-Yenya

--
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839 Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/ Journal: http://www.fi.muni.cz/~kas/blog/ |
>> If you find yourself arguing with Alan Cox, you're _probably_ wrong. <<
>> --James Morris in "How and Why You Should Become a Kernel Hacker" <<

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
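Review bot: the `+ corenet_tcp_bind_inadrr_any_node($1)` line misspells the interface name; the refpolicy interface is `corenet_tcp_bind_inaddr_any_node`, and an unresolved interface name will fail when the module is built. The two added `allow $1 self:...` lines are the right complement to `name_bind`: port 40 registered with `semanage port -a ... 40` is below 1024, so the domain also needs `net_bind_service`, while `name_bind` on `my_port_t` still confines it to that port type rather than any reserved port. A short comment stating that would make the intent clear to whoever reviews the upstream submission.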
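As an added illustration of the two high-level macros the post asks for (this is not refpolicy code nor the poster's), the rules above can be wrapped in refpolicy-style interfaces and used from a module; the interface names, the `my_server_t`/`my_server_exec_t` domain and the `corenet_tcp_bind_inaddr_any_node` spelling are assumed.

```m4
## <summary>Declare a port type owned by a local service (illustrative interface).</summary>
## <param name="type"><summary>Port type to declare, e.g. my_port_t.</summary></param>
interface(`local_reserved_port_type',`
	# Reuses the refpolicy interface from the thread: marks the type as a
	# reserved (< 1024) port type so semanage can map a port number to it.
	corenet_reserved_port($1)
')

## <summary>Allow a domain to run a TCP server bound to one port type.</summary>
## <param name="domain"><summary>Server domain.</summary></param>
## <param name="port_type"><summary>Port type declared with local_reserved_port_type().</summary></param>
interface(`local_tcp_server_on_port',`
	# Generic network plumbing: receive from unlabeled/NetLabel peers and
	# talk over generic interfaces and nodes.
	corenet_all_recvfrom_unlabeled($1)
	corenet_all_recvfrom_netlabel($1)
	corenet_tcp_sendrecv_generic_if($1)
	corenet_tcp_sendrecv_generic_node($1)
	corenet_tcp_sendrecv_all_ports($1)
	corenet_tcp_bind_inaddr_any_node($1)

	# The server may create its listening socket and bind only to $2.
	# net_bind_service is still required because the port is reserved
	# (< 1024); name_bind on $2 keeps it from binding to other port types.
	allow $1 $2:tcp_socket name_bind;
	allow $1 self:capability net_bind_service;
	allow $1 self:tcp_socket create_stream_socket_perms;
')

# my_server.te: hypothetical module that consumes the interfaces above.
policy_module(my_server, 1.0)

type my_server_t;
type my_server_exec_t;
init_daemon_domain(my_server_t, my_server_exec_t)

# "This context belongs to my port"
type my_port_t;
local_reserved_port_type(my_port_t)

# "This domain can run a TCP server on this port"
local_tcp_server_on_port(my_server_t, my_port_t)

# After loading the module, map the port number to the type, as in the post:
#   sudo semanage port -a -t my_port_t -p tcp 40
```

The port-to-type mapping stays in `semanage`, so the policy module never hard-codes the port number and the same interface pair works for any reserved port.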