Labelling a new port
Forrest Taylor
ftaylor at redhat.com
Thu Sep 6 18:51:04 UTC 2007
On Thu, 2007-09-06 at 12:43 -0400, Konstantin Ryabitsev wrote:
> Hello, all:
>
> I'm trying to write a policy for memcached, but I'm not sure how I'd
> declare a new memcached_port_t (11211/tcp). Any pointers?

First, you need to build a module and load it into the policy:

Create a file in /root called memcached that contains the following:

    module memcached 1.0.0;

    require {
            attribute port_type;
    };

    type memcache_port_t, port_type;

Build it and load it:

    cd /root
    make -f /usr/share/selinux/devel/Makefile

(if that file doesn't exist, install the selinux-policy-devel package)

    semodule -i memcached.pp

Second, use semanage to associate the port with the new port name:

    semanage port -a -t memcache_port_t -p tcp 11211

Forrest
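
A check for the result of the two steps above, added here as an example and not part of the original message. It parses `semanage port -l` output to list every port type that covers a given port. The function names and the sample listing are constructed for illustration; only the three-column layout of `semanage port -l` is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): verify a port's SELinux label.

# port_types PROTO PORT
# Reads `semanage port -l` output on stdin and prints every type whose entry
# for PROTO includes PORT, either as a single port or inside a LOW-HIGH range.
port_types() {
    awk -v proto="$1" -v port="$2" '
        NF >= 3 && $2 == proto {
            for (i = 3; i <= NF; i++) {
                entry = $i
                sub(/,$/, "", entry)          # ports are comma separated
                n = split(entry, r, "-")      # "6000-6020" -> r[1], r[2]
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# port_has_type PROTO PORT TYPE
# Succeeds only if TYPE is one of the types covering PROTO/PORT.
port_has_type() {
    port_types "$1" "$2" | grep -qxF -- "$3"
}

# Constructed sample of `semanage port -l` output, so the example runs
# on a machine without SELinux tools installed.
sample_listing() {
    cat <<'EOF'
SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
memcache_port_t                tcp      11211
unreserved_port_t              tcp      1024-32767
xserver_port_t                 tcp      6000-6020
EOF
}

# On a real system, replace sample_listing with: semanage port -l
sample_listing | port_types tcp 11211
```

A port can appear under more than one type when a broad range also covers it, so the check tests for membership rather than expecting a single line.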