[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: portcon in a policy module?
- From: Stephen Smalley <sds tycho nsa gov>
- To: rob myers <rob myers gtri gatech edu>
- Cc: fedora-selinux-list redhat com
- Subject: Re: portcon in a policy module?
- Date: Mon, 30 Apr 2007 10:53:37 -0400
On Mon, 2007-04-30 at 10:47 -0400, rob myers wrote:
> hello-
>
> i tried to assign a port type in a policy module like so:
>
> portcon tcp 1521 system_u:object_r:oracle_port_t:s0;
>
> which fails unless i rebuild as a monolithic policy. should this fail
> or have i got something wrong?
>
> i have found that using "semanage port -a -t oracle_port_t -p tcp 1521"
> in the rpm post install script works.
>
> what is the proper way to assign a port in a policy module?
>
> thanks for any clues!
semanage is the right approach for object contexts - they aren't
supported in policy modules (yet), and even if they were, there would be
the potential for ordering/overriding issues there.
--
Stephen Smalley
National Security Agency
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]