Question on SELinux
Daniel J Walsh
dwalsh at redhat.com
Fri Oct 24 19:27:31 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Paul Howarth wrote:
> On Sat, 18 Oct 2008 12:34:53 +0000
> lionel ong <odin743 at hotmail.com> wrote:
>
>>> Date: Sat, 18 Oct 2008 13:25:59 +0100> From: paul at city-fan.org> To:
>>> odin743 at hotmail.com> CC: fedora-selinux-list at redhat.com> Subject:
>>> Re: Question on SELinux> > On Sat, 18 Oct 2008 09:55:26 +0000>
>>> lionel ong <odin743 at hotmail.com> wrote:> > > > Port 80 is the port
>>> that the websites firefox connects to use; if you> prevent firefox
>>> from connecting to websites on port 80 it's just not> going to work
>>> at all, unless you're trying to force it through a proxy> on a
>>> different port perhaps?> > Paul.
>> Hi, yes I understand that the firefox will fail to work, but I am
>> just trying out the things policies can do, it's ok if firefox fails.
>> Do you know how I could stop firefox from using Port 80 and uses some
>> other port? Regards, Lionel
>
> I've never done anything like that but I guess a good starting point
> would be xguest (see http://danwalsh.livejournal.com/14778.html) and
> tweaking policy from there.
>
> Paul.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Start with the following policy and add ports that you would allow.
policy_module(myuser, 1.0.0)
role myuser_r;
userdom_restricted_xwindows_user_template(muser)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkkCIaMACgkQrlYvE4MpobMHUACfRYAnQt1HjrRnhnGx3RpAceBB
FpAAnjWNh+MT9FVknPHpudyQ9reTvZ5+
=Jtwr
-----END PGP SIGNATURE-----
More information about the selinux
mailing list