hello-
i tried to assign a port type in a policy module like so:
portcon tcp 1521 system_u:object_r:oracle_port_t:s0;
which fails unless i rebuild as a monolithic policy. should this fail or have i got something wrong?
i have found that using "semanage port -a -t oracle_port_t -p tcp 1521" in the rpm post install script works.
what is the proper way to assign a port in a policy module?
thanks for any clues!
rob.
On Mon, 2007-04-30 at 10:47 -0400, rob myers wrote:
> hello-
> i tried to assign a port type in a policy module like so:
> portcon tcp 1521 system_u:object_r:oracle_port_t:s0;
> which fails unless i rebuild as a monolithic policy. should this fail or have i got something wrong?
Yes, portcon is only valid in the base module.
> i have found that using "semanage port -a -t oracle_port_t -p tcp 1521" in the rpm post install script works.
> what is the proper way to assign a port in a policy module?
This is the best way unless you are rebuilding the base module.
Forrest
On Mon, 2007-04-30 at 10:47 -0400, rob myers wrote:
> hello-
> i tried to assign a port type in a policy module like so:
> portcon tcp 1521 system_u:object_r:oracle_port_t:s0;
> which fails unless i rebuild as a monolithic policy. should this fail or have i got something wrong?
> i have found that using "semanage port -a -t oracle_port_t -p tcp 1521" in the rpm post install script works.
> what is the proper way to assign a port in a policy module?
> thanks for any clues!
semanage is the right approach for object contexts - they aren't supported in policy modules (yet), and even if they were, there would be the potential for ordering/overriding issues there.
selinux@lists.fedoraproject.org
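An added example, not part of the original thread: a sketch of how an rpm post-install scriptlet could make the `semanage port` call from the thread safe to re-run on upgrade, and surface the overriding case the last reply mentions instead of failing on it. The function names and the sample `semanage port -l` listing are constructed for illustration; it assumes only an exact single-port entry counts as an existing definition, so range entries are ignored.

```shell
#!/bin/sh
# Constructed sample of `semanage port -l` output (not from a real system).
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 443, 8008
oracle_port_t                  tcp      1521, 2483
xserver_port_t                 tcp      6000-6020'

# port_owner PROTO PORT
# Reads a `semanage port -l` listing on stdin and prints the type that has an
# exact entry for PROTO/PORT. Prints nothing when there is no such entry.
port_owner() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i
                sub(/,$/, "", p)          # strip the list separator
                if (p == port) { print $1; exit }
            }
        }'
}

# port_action TYPE PROTO PORT
# Reads the same listing on stdin and prints what the scriptlet has to do:
#   add             no entry yet, `semanage port -a` will succeed
#   keep            already labelled with TYPE, nothing to do
#   modify:<owner>  labelled with another type, needs `-m` (an override)
port_action() {
    owner=$(port_owner "$2" "$3")
    if [ -z "$owner" ]; then
        echo "add"
    elif [ "$owner" = "$1" ]; then
        echo "keep"
    else
        echo "modify:$owner"
    fi
}

# set_port TYPE PROTO PORT
# What the post-install scriptlet would call (needs root and semanage).
set_port() {
    case $(semanage port -l | port_action "$@") in
        add)      semanage port -a -t "$1" -p "$2" "$3" ;;
        modify:*) semanage port -m -t "$1" -p "$2" "$3" ;;
        keep)     : ;;
    esac
}
```

In a spec file the scriptlet body would be `set_port oracle_port_t tcp 1521`; a packager who does not want to override another type silently can turn the `modify:*` branch into a logged warning.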