only allow 1 port for listening

Forrest Taylor ftaylor at redhat.com
Wed Aug 8 16:49:09 UTC 2007


On Wed, 2007-08-08 at 11:40 -0400, Mark wrote:
> I am new to writing policies and have been reading the reference
> policy files.  I wrote a simple TCP server that listens on a port for
> connections.  I would like to write a policy that will only allow my
> program to bind to a specific port(9999).  I looked at the reference
> policy and see that the ports that programs are allowed to use are in
> policy/modules/kernel/corenetwork.te.  My question is, can I specify
> the port in my programs type enforcement file so that I can make a
> module instead of listing this in the kernel policy?  If so, what
> would the syntax be? 

portcon is only valid in the base module, not a normal loadable module.
The command to generate the port entry for the policy is semanage.  It
should look something like the following:

semanage port -a -t my_port_t -p tcp 9999

Forrest
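The module-plus-semanage workflow Forrest describes, written out as an added example (not from the original thread): the port type and the bind rule go into a loadable module, while the port number itself is labelled from the policy store with semanage, since portcon is not accepted in a loadable module. It assumes the server already runs in a domain named myserver_t (hypothetical) and that the refpolicy devel Makefile is installed at /usr/share/selinux/devel.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread.
# Assumptions: the daemon runs in the existing domain "myserver_t" (hypothetical)
# and the refpolicy devel Makefile lives at /usr/share/selinux/devel.

# gen_port_module MODNAME DOMAIN PORTTYPE : print the .te source for a loadable
# module that declares PORTTYPE and lets DOMAIN bind a listening socket to it.
gen_port_module() {
    mod="$1"; domain="$2"; ptype="$3"
    cat <<EOF
policy_module($mod, 1.0)

gen_require(\`
    type $domain;
')

# Declare the port type; corenet_port() adds the port_type attribute so that
# the corenetwork interfaces and "semanage port" accept it.
type $ptype;
corenet_port($ptype)

# Only this domain may bind a TCP listening socket to ports labelled $ptype.
allow $domain $ptype:tcp_socket name_bind;
EOF
}

# install_port_policy MODNAME DOMAIN PORTTYPE PORT : build and load the module,
# then label the port number.  Needs root and a working policy toolchain.
install_port_policy() {
    mod="$1"; domain="$2"; ptype="$3"; port="$4"
    gen_port_module "$mod" "$domain" "$ptype" > "$mod.te"
    make -f /usr/share/selinux/devel/Makefile "$mod.pp" || return 1
    semodule -i "$mod.pp" || return 1
    # The portcon equivalent: stored in the policy store, not in the .te file.
    semanage port -a -t "$ptype" -p tcp "$port" || return 1
    # Confirm the mapping is in place (e.g. "my_port_t  tcp  9999").
    semanage port -l | grep -w "$ptype"
}

# Usage (as root): install_port_policy my_port myserver_t my_port_t 9999
```

Once loaded, a bind() by any other domain to port 9999 is denied and logged as an AVC denial on tcp_socket name_bind, which is the check that the restriction actually took effect.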

