SELinux and Shorewall with IPSets
Mr Dash Four
mr.dash.four at googlemail.com
Wed Jun 30 20:56:24 UTC 2010
>>> hmm... i am not sure about this but maybe:
>>>
>>> role system_r types setfiles_mac_t;
>>>
>>> helps here..
>>>
>>>
>> What do you mean?
>>
>
> Add that rule to the running policy:
>
>
> policy_module(myseutils, 1.0.0)
> gen_require(`
> type setfiles_mac_t;
> role system_r;
> ')
> role system_r types setfiles_mac_t;
>
> ...
> make -f /usr/share/selinux/devel/Makefile myseutils.pp
> sudo semodule -i myseutils.pp
>
> Again, this is a shot in the dark...
>
YES!
This did the trick - no errors and when I log in with qemu and type
"semanage port -l | grep ssh" I am getting my own port and nothing else
(I did just one modification to see whether it will work). Brilliant!
More information about the selinux
mailing list