Re: tor: dac_override, dac_read_search, name_bind and net_bind_service

> If you just want tor to bind to the dns port use these interfaces
>
> corenet_tcp_bind_dns_port(tor_t)
> corenet_udp_bind_dns_port(tor_t)
>
> Considering these interfaces contain the net_bind_service cap it seems
> like you will have to include it. However that isn't a concern since the
> statement here only will allow tor to bind to ports labeled dns_port_t.
> In this case tcp/udp 53. If you don't want tcp just include the second
> of the two interfaces only.
>   
It worked - it is exactly what I was after, thank you! I've just 
included the udp bind since tcp/53 is not used by tor.

After I patched tor.te and re-compiled the targeted policy tor started 
without any problems.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
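
Added example, not part of the original thread and not the poster's actual tor.te patch: the UDP-only grant discussed above, written as a standalone local policy module instead of a patch to tor.te. The module name and version are assumptions, and the expanded rules in the comments show the form the reference policy gives this interface.

```selinux
# tor_dns_local.te (constructed example; module name and version are assumptions)
policy_module(tor_dns_local, 1.0.0)

gen_require(`
	type tor_t;
')

# UDP only, matching the reply above: tcp/53 is left unbound for tor_t.
corenet_udp_bind_dns_port(tor_t)

# The interface call above expands to rules of this form:
#   allow tor_t dns_port_t:udp_socket name_bind;
#   allow tor_t self:capability net_bind_service;
# The capability is granted, but name_bind is limited to ports labeled
# dns_port_t, so tor_t still cannot bind other reserved ports.
```

Built with `make -f /usr/share/selinux/devel/Makefile tor_dns_local.pp` and loaded with `semodule -i tor_dns_local.pp`, the result can be checked with `sesearch -A -s tor_t -t dns_port_t -c udp_socket -p name_bind`, which should list the single name_bind rule.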

