A bit of confusion over dkim_milter_t
Dominick Grift
dominick.grift at gmail.com
Wed Jul 17 22:19:52 UTC 2013
On Wed, 2013-07-17 at 14:08 -0800, Erinn Looney-Triggs wrote:
> Sorry to respond to myself but I forgot the vitals:
>
> RHEL 6.4 x64
> selinux-policy-3.7.19-195.el6_4.12.noarch
>
> -Erinn
So it's allowed to bind tcp socket to generic tcp port_t type ports if
the allow_ypbind boolean is set (sesearch with -ASCT would show you
that).

The allow_ypbind boolean is not recommended though, since it is very coarse.
Instead use semanage to label the port (tcp:8891) with one of the
available port types (seinfo -axport_type), then use audit2allow, after
reproducing the event, to allow bind tcp socket to ports with that type.

You can also create a new port type and use that:

cat > mytest.te <<EOF
policy_module(mytest, 1.0.0)
type myport_t;
corenet_port(myport_t)
optional_policy(\`
gen_require(\`
type dkim_milter_t;
')
allow dkim_milter_t myport_t:tcp_socket name_bind;
')
EOF
make -f /usr/share/selinux/devel/Makefile mytest.pp
sudo semodule -i mytest.pp
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
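
Added example, not part of the original post: a shell helper for the "reproduce the event, then label the port" step described above. It reads audit.log-style AVC records, keeps the name_bind denials for one domain, and prints the semanage command that would label each still-generic (port_t) port. The log records are constructed samples, and myport_t is taken from the module in the post.

```shell
#!/bin/sh
# Constructed sample records in audit.log AVC format (not from the original thread).
SAMPLE_LOG='type=AVC msg=audit(1374099592.101:412): avc:  denied  { name_bind } for  pid=2411 comm="dkim-filter" src=8891 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1374099593.007:413): avc:  denied  { read } for  pid=2500 comm="httpd" name="x" dev=dm-0 ino=12 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1374099599.550:419): avc:  denied  { name_bind } for  pid=2411 comm="dkim-filter" src=8891 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1374099601.210:420): avc:  denied  { name_bind } for  pid=2411 comm="dkim-filter" src=25 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1374099605.300:425): avc:  denied  { name_bind } for  pid=2600 comm="named" src=8053 scontext=unconfined_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket'

# Print "proto port target_type" once per port for name_bind denials by domain $1.
bind_denials() {
    awk -v dom="$1" '
    /avc: +denied/ && / name_bind / {
        port = ""; src = ""; tgt = ""; proto = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/) port = substr($i, 5)
            if ($i ~ /^scontext=/) { split(substr($i, 10), s, ":"); src = s[3] }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), t, ":"); tgt = t[3] }
            if ($i == "tclass=tcp_socket") proto = "tcp"
            if ($i == "tclass=udp_socket") proto = "udp"
        }
        # Keep only the requested domain, numeric ports, and the first hit per port.
        if (src == dom && proto != "" && port ~ /^[0-9]+$/ && !seen[proto, port]++)
            print proto, port, tgt
    }'
}

# For domain $1, suggest labeling generic port_t ports with port type $2.
suggest_labels() {
    bind_denials "$1" | while read -r proto port tgt; do
        if [ "$tgt" = "port_t" ]; then
            echo "semanage port -a -t $2 -p $proto $port"
        else
            # Port already has a specific type, so adding a second label is not the fix.
            echo "# $proto/$port is labeled $tgt already; allow $1 to bind that type instead"
        fi
    done
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | suggest_labels dkim_milter_t myport_t
```

On a real host the input would come from the audit log, for example the output of ausearch -m avc, instead of SAMPLE_LOG.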