> On Monday, 28 March 2016, 14:26, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > On 03/28/2016 08:53 AM, Dominick Grift wrote: >> >> I was adding support for syslog ports, and /etc/services indicated to >> me that syslog(_tls) has support for dccp protocol. So tried to add >> that support in. >> >> However when trying to specify a portcon, secilc tells me dccp is an >> invalid protocol. >> >> e.g. >> >> (portcon "dccp" 6514 port_obj_context) > > Doesn't appear to be supported by the selinux userspace presently (even > apart from CIL). Not sure why. Looking back, I see the original > "SELinux support for DCCP" RFC thread, which included a (now dead) > link > to patches for userspace support, but I don't see any indication that > they were ever submitted. The only valid portcon protocol types supported by the kernel and policy statements are "tcp" and "udp". I did some time ago send RFC patches (kernel & CIL) to add "dccp" and "sctp" but these died. Adding support for a dccp portcon statement would not be difficult as there is SELinux support already for the protocol (policycoreutils is a pain though as lots of language files !!!). > > > > > > _______________________________________________ > Selinux mailing list > Selinux@xxxxxxxxxxxxx > To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. > To get help, send an email containing "help" to > Selinux-request@xxxxxxxxxxxxx. > _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
