Is it possible to assign additional ports to an already-defined port type in a loadable module? Basically I'm looking for a way to do the equivalent of
'semanage port -a -t memcache_port_t -p tcp 11212'
for some set of ports, without having to run the semanage command -- instead storing the definitions in a module file.
I came across some post from 2007 claiming that 'portcon' (which I think would be the way to do this) isn't supported in policy modules "(yet)", so I'm wondering if something has changed, or if there is any other way to implement this without the direct call to the semanage command.
The big picture is this: I would like to be able to leverage the httpd_can_network_memcache boolean, allowing httpd (php) to connect to multiple pre-defined memcache ports, without having to allow full network access from httpd.
Thanks,
Jeff
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
