only allow 1 port for listening
Mark
elihusmails at gmail.com
Wed Aug 8 17:21:36 UTC 2007
ok. Thanks.
So I need to update corenetwork.te, recompile the policy, set the policy to
the newly compiled one and reboot? Correct?
--
..Cheers
Mark
On 8/8/07, Forrest Taylor <ftaylor at redhat.com> wrote:
>
> You cannot. You need to run this as a separate command or build it into
> the base module (corenetwork.te).
>
> Forrest
>
> On Wed, 2007-08-08 at 13:12 -0400, Mark wrote:
> > thanks for the information, but how could I add this to my .te file?
> >
> >
> > --
> > ..Cheers
> > Mark
> >
> > On 8/8/07, Forrest Taylor <ftaylor at redhat.com> wrote:
> > On Wed, 2007-08-08 at 11:40 -0400, Mark wrote:
> > > I am new to writing policies and have been reading the reference
> > > policy files. I wrote a simple TCP server that listens on a port for
> > > connections. I would like to write a policy that will only allow my
> > > program to bind to a specific port (9999). I looked at the reference
> > > policy and see that the ports that programs are allowed to use are in
> > > policy/modules/kernel/corenetwork.te. My question is, can I specify
> > > the port in my program's type enforcement file so that I can make a
> > > module instead of listing this in the kernel policy? If so, what
> > > would the syntax be?
> >
> > portcon is only valid in the base module, not a normal loadable module.
> > The command to generate the port entry for the policy is semanage. It
> > should look something like the following:
> >
> > semanage port -a -t my_port_t -p tcp 9999
> >
> > Forrest
> >
> >
>
>
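The approach Forrest describes (declare the port type inside the loadable module, leave portcon to the base policy, and label the port with `semanage port -a`), as an added example that is not part of the original thread. The module and type names (myserver, myserver_t, myserver_exec_t, myserver_port_t) are assumptions, and the `semanage port -l` listing is a constructed sample so the script runs offline.

```shell
# Added example (not from the thread): a loadable module that lets one
# daemon domain bind a dedicated port type, plus the semanage step that
# labels TCP/9999, because portcon is only accepted in the base module.
# myserver_t, myserver_exec_t and myserver_port_t are assumed names.

# Emit myserver.te; build it with the refpolicy devel Makefile and load
# it with `semodule -i myserver.pp` on an SELinux host.
gen_te() {
    cat <<'EOF'
policy_module(myserver, 1.0)

type myserver_t;
type myserver_exec_t;
init_daemon_domain(myserver_t, myserver_exec_t)

# Port type declared in the loadable module: corenet_port() gives it the
# port_type attribute, no portcon statement needed here.
type myserver_port_t;
corenet_port(myserver_port_t)

# name_bind only on our own port type, so other ports stay off limits.
allow myserver_t self:tcp_socket create_stream_socket_perms;
allow myserver_t myserver_port_t:tcp_socket name_bind;
corenet_tcp_bind_generic_node(myserver_t)
EOF
}

# Given `semanage port -l` style output, print the type that already has
# an entry for exactly PORT/PROTO (empty if none). A covering range such
# as unreserved_port_t 1024-32767 does not conflict with `semanage port -a`.
port_owner() {   # usage: port_owner "$listing" tcp 9999
    printf '%s\n' "$1" | awk -v proto="$2" -v port="$3" '
        $2 == proto { for (i = 3; i <= NF; i++) {
            p = $i; sub(/,$/, "", p)
            if (index(p, "-") == 0 && p + 0 == port + 0) print $1 } }'
}

# Choose -a (no entry yet) or -m (exact entry exists: -a would fail with
# "already defined"); print nothing if the port already has our type.
port_cmd() {     # usage: port_cmd "$listing" myserver_port_t tcp 9999
    owner=$(port_owner "$1" "$3" "$4")
    if [ -z "$owner" ]; then op=-a
    elif [ "$owner" = "$2" ]; then return 0
    else op=-m; fi
    printf 'semanage port %s -t %s -p %s %s\n' "$op" "$2" "$3" "$4"
}

# Constructed sample of `semanage port -l` output, for offline use.
SAMPLE='http_port_t        tcp   80, 81, 443, 488, 8008, 8009, 8443, 9000
unreserved_port_t  tcp   1024-32767'
```

On a real host, feed `port_cmd "$(semanage port -l)" myserver_port_t tcp 9999` to the shell after loading the module, then confirm with `semanage port -l | grep myserver_port_t`.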