On Thu, 2007-09-06 at 12:43 -0400, Konstantin Ryabitsev wrote:
> Hello, all:
> I'm trying to write a policy for memcached, but I'm not sure how I'd
> declare a new memcached_port_t (11211/tcp). Any pointers?

First, you need to build a module and load it into the policy:
Create a file in /root called memcached that contains the following:

    module memcached 1.0.0;

    require {
        attribute port_type;
    };

    type memcache_port_t, port_type;

Build it and load it:

    cd /root
    make -f /usr/share/selinux/devel/Makefile

(If that file doesn't exist, install the selinux-policy-devel package.)

    semodule -i memcached.pp

Second, use semanage to associate the port with the new port name:

    semanage port -a -t memcache_port_t -p tcp 11211

Forrest
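
A way to confirm that the mapping took effect, as an added example that is not part of the original message: the function below reads a listing in `semanage port -l` format and reports which port type covers a given protocol and port, including entries written as ranges. The names `port_label` and `check_port` are hypothetical, and the sample listing is constructed.

```shell
#!/bin/sh
# port_label PROTO PORT
# Reads a listing in `semanage port -l` format on stdin and prints every
# SELinux port type whose entry covers PROTO/PORT (single ports or ranges).
# Hypothetical helper; it is not part of any SELinux tool.
port_label() {
    awk -v proto="$1" -v port="$2" '
        # Header and blank lines never match: field 2 must be the protocol.
        NF < 3 || $2 != proto { next }
        {
            # Fields 3..NF hold entries such as "80," "443," "6000-6020".
            for (i = 3; i <= NF; i++) {
                entry = $i
                sub(/,$/, "", entry)
                n = split(entry, r, "-")
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }
    '
}

# Constructed sample in the format printed by `semanage port -l`.
SAMPLE_LISTING='SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
memcache_port_t                tcp      11211
xserver_port_t                 tcp      6000-6020
syslogd_port_t                 udp      514'

# check_port LISTING PROTO PORT EXPECTED_TYPE
# Exit status 0 only if PROTO/PORT is labelled EXPECTED_TYPE in LISTING.
check_port() {
    printf '%s\n' "$1" | port_label "$2" "$3" | grep -qx "$4"
}

# On a live system, as root: semanage port -l | port_label tcp 11211
if check_port "$SAMPLE_LISTING" tcp 11211 memcache_port_t; then
    echo "11211/tcp is labelled memcache_port_t"
fi
```

If the function prints more than one type for a port, another entry already covers it, and that overlap is worth resolving before writing allow rules against the new type.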