On Wed, Apr 12, 2023 at 1:12 AM Etienne Champetier <champetier.etienne@xxxxxxxxx> wrote: > > Hello, > > Is there a way to ship a cil module changing the type of port 80 ? > > ie something like > > (portcon tcp 80 (system_u object_r websm_port_t ((s0)(s0)))) > > When I try to install such module I get an error, I guess because port > 80 is already defined > > Problems processing portcon rules > > Failed post db handling > > semodule: Failed! > > Best > Etienne The portcon rules are all in the base module. You could do the following (on a Fedora system): 1) Extract the base module into a cil file semodule -cE base 2) Modify the portcon rule for tcp 80 3) Install the modified base module at a higher priority semodule -X 200 -i base.cil The original base module will still exist at priority 100. You can see that by doing: semodule -lfull You can remove the higher priority module later by doing: semodule -X 200 -r base That will revert you back to the original base module. I hope that helps. Jim
