That is one way to do it. If you run the semanage utility, it will
compile that information into the policy as well, and you don't have to
recompile the base policy.
Forrest
On Wed, 2007-08-08 at 13:21 -0400, Mark wrote:
ok. Thanks.
So I need to update corenetwork.te, recompile the policy, set the
policy to the newly compiled one and reboot? Correct?
--
..Cheers
Mark
On 8/8/07, Forrest Taylor <ftaylor(a)redhat.com> wrote:
You cannot. You need to run this as a separate command or build it into the base module (corenetwork.te).
Forrest
On Wed, 2007-08-08 at 13:12 -0400, Mark wrote:
> Thanks for the information, but how could I add this to my .te file?
>
>
> --
> ..Cheers
> Mark
>
> On 8/8/07, Forrest Taylor <ftaylor(a)redhat.com> wrote:
> On Wed, 2007-08-08 at 11:40 -0400, Mark wrote:
> > I am new to writing policies and have been reading the reference policy files. I wrote a simple TCP server that listens on a port for connections. I would like to write a policy that will only allow my program to bind to a specific port (9999). I looked at the reference policy and see that the ports that programs are allowed to use are in policy/modules/kernel/corenetwork.te. My question is, can I specify the port in my program's type enforcement file so that I can make a module instead of listing this in the kernel policy? If so, what would the syntax be?
>
> portcon is only valid in the base module, not a normal loadable module. The command to generate the port entry for the policy is semanage. It should look something like the following:
>
> semanage port -a -t my_port_t -p tcp 9999
>
> Forrest
>
>
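A loadable module written along the lines Forrest describes, as an added example that is not part of the thread: the names mytcpd_t, mytcpd_exec_t and mytcpd_port_t are assumed, and it relies on the reference policy interfaces corenet_port, init_daemon_domain and corenet_tcp_bind_generic_node. The module declares the port type and the name_bind rule; no portcon statement appears in it, and the semanage command from the thread attaches port 9999 to that type once the module is installed.

```selinux
policy_module(mytcpd, 1.0.0)

########################################
#
# Declarations
#

# Domain for the server and the type of its executable (assumed names).
type mytcpd_t;
type mytcpd_exec_t;
init_daemon_domain(mytcpd_t, mytcpd_exec_t)

# Port type declared inside the loadable module. portcon cannot go here,
# so the port number is attached after the module is loaded with:
#   semanage port -a -t mytcpd_port_t -p tcp 9999
type mytcpd_port_t;
corenet_port(mytcpd_port_t)

########################################
#
# Local policy
#

# Create, listen on and accept from a TCP socket the daemon owns.
allow mytcpd_t self:tcp_socket create_stream_socket_perms;

# name_bind is granted only for mytcpd_port_t, so a bind() to any other
# labelled port (e.g. http_port_t) is denied and logged as an AVC.
allow mytcpd_t mytcpd_port_t:tcp_socket name_bind;

# bind() also requires node_bind on the node the listen address belongs to.
corenet_tcp_bind_generic_node(mytcpd_t)
```

Build and install it with the policy development Makefile (make -f /usr/share/selinux/devel/Makefile; semodule -i mytcpd.pp) before running the semanage line, because semanage rejects a type that is not yet a port type in the loaded policy.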