I am trying to build a custom policy for one of my applications, which needs to:

1. Listen on a predefined range of tcp/udp ports (49200-49232); and
2. Connect to 25, 465, 110, 143, 993 & 995 tcp and 443, 1194 udp ports.

All is done on the local (lo) interface, NOT ethX (this should be prevented, if attempted!). The above port ranges cannot be changed!

There are a couple of difficulties I am facing, however:

1. The first range of ports already forms part of the 'virt' port ranges (49152-49216) in corenetwork.te.in. How do I define/use my own set of ranges (even if it clashes with another range type defined elsewhere) in order to allow 'corenet_tcp_bind' and 'corenet_udp_bind' macros to do their job and use them in my custom.te? Is there another way of doing name_bind?

2. The second port ranges form part of the 'pop', 'smtp' and 'openvpn' (as defined in corenetwork.te.in), but I do not wish to use the whole ranges when allowing a connection to be made. I also want to restrict these connections to be on the local interface only. Is there a way I could do that in my custom.te?

Thanks in advance!

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux