package review?
Paul Howarth
paul at city-fan.org
Fri Jul 21 15:23:59 UTC 2006
Wart wrote:
> Daniel J Walsh wrote:
>> allow crossfire_t port_t:udp_socket send_msg;
>> allow crossfire_t port_t:tcp_socket name_bind;
>> You need to define a port for this socket and only allow name_bind to
>> that port
>
> I know I'm missing something obvious here, but which macro can I use to
> add this restriction? I saw references to http_port_t and ntp_port_t in
> corenetwork.if, but didn't see anything that actually defined it to be
> port 80 (http) or port 123 (ntp).
policy/modules/kernel/corenetwork.te.in:
...
network_port(ntp, udp,123,s0)
...
network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0,
tcp,8009,s0)
---
Paul.
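
Added example, not part of the message above or of the reference policy: a small Python parser that reads network_port() declarations in the format quoted from corenetwork.te.in and lists, in simplified form, the port type and portcon entries each one stands for. The ntp and http lines are the ones quoted above; the crossfire line, its name and its port number are constructed for illustration, and the function names are hypothetical.

```python
import re

# Excerpt in the format of policy/modules/kernel/corenetwork.te.in.
# The ntp and http lines are quoted in the message above; the crossfire
# line is constructed for illustration (hypothetical name and port).
SAMPLE = """\
network_port(ntp, udp,123,s0)
network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0,
tcp,8009,s0)
network_port(crossfire, tcp,13327,s0, udp,13327,s0)
"""

# A declaration may wrap across lines, so match up to the closing paren.
DECL = re.compile(r"network_port\(\s*(\w+)\s*((?:,[^)]*)?)\)", re.S)


def parse_network_ports(text):
    """Return {port_type: [(proto, port_or_range, mls_level), ...]}."""
    result = {}
    for name, rest in DECL.findall(text):
        fields = [f.strip() for f in rest.split(",") if f.strip()]
        if len(fields) % 3:
            raise ValueError(f"{name}: expected proto,port,level triples")
        triples = [tuple(fields[i:i + 3]) for i in range(0, len(fields), 3)]
        for proto, port, _ in triples:
            if proto not in ("tcp", "udp") or not re.fullmatch(r"\d+(-\d+)?", port):
                raise ValueError(f"{name}: bad entry {proto},{port}")
        result[f"{name}_port_t"] = triples
    return result


def to_portcon(text):
    """Simplified view of what each declaration contributes to the policy."""
    lines = []
    for ptype, triples in parse_network_ports(text).items():
        lines.append(f"type {ptype}, port_type;")
        for proto, port, level in triples:
            lines.append(f"portcon {proto} {port} system_u:object_r:{ptype}:{level}")
    return lines


if __name__ == "__main__":
    print("\n".join(to_portcon(SAMPLE)))
```

With a type such as the hypothetical crossfire_port_t declared this way, the name_bind rule can name that type instead of the generic port_t.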