Re: only allow 1 port for listening
- From: Mark <elihusmails gmail com>
- To: "Forrest Taylor" <ftaylor redhat com>
- Cc: "fedora-selinux-list redhat com" <fedora-selinux-list redhat com>, selinux tycho nsa gov
- Subject: Re: only allow 1 port for listening
- Date: Wed, 8 Aug 2007 13:21:36 -0400
ok. Thanks.
So I need to update corenetwork.te, recompile the policy, set the policy to the newly compiled one and reboot? Correct?
--
..Cheers
Mark
On 8/8/07, Forrest Taylor <ftaylor redhat com> wrote:
You cannot. You need to run this as a separate command or build it into
the base module (corenetwork.te).
Forrest
On Wed, 2007-08-08 at 13:12 -0400, Mark wrote:
> thanks for the information, but how could I add this to my .te file?
>
>
> --
> ..Cheers
> Mark
>
> On 8/8/07, Forrest Taylor <ftaylor redhat com> wrote:
> On Wed, 2007-08-08 at 11:40 -0400, Mark wrote:
> > I am new to writing policies and have been reading the reference
> > policy files. I wrote a simple TCP server that listens on a port for
> > connections. I would like to write a policy that will only allow my
> > program to bind to a specific port (9999). I looked at the reference
> > policy and see that the ports that programs are allowed to use are in
> > policy/modules/kernel/corenetwork.te. My question is, can I specify
> > the port in my program's type enforcement file so that I can make a
> > module instead of listing this in the kernel policy? If so, what
> > would the syntax be?
>
> portcon is only valid in the base module, not a normal loadable module.
> The command to generate the port entry for the policy is semanage. It
> should look something like the following:
>
> semanage port -a -t my_port_t -p tcp 9999
>
> Forrest
>
>
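As an added illustration of the route Forrest describes (this is not code from the thread), the following script shows the pieces that go together: a loadable module that declares its own port type and an allow rule for name_bind, and the separate semanage command that maps TCP 9999 to that type, so corenetwork.te and the base policy are left alone. The domain and type names (myserver_t, myserver_exec_t, myserver_port_t) are assumptions, and building assumes the refpolicy devel Makefile from selinux-policy-devel is installed.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Assumed names:
# myserver_t, myserver_exec_t, myserver_port_t; assumes refpolicy
# interfaces (corenet_port, init_daemon_domain) and the devel Makefile.
set -eu

PORT=9999
MODULE=myserver

# Emit the type-enforcement source. No portcon statement appears here:
# that is only legal in the base policy. The module declares a port type
# and the port-to-type mapping is added later with semanage.
gen_te() {
    cat <<EOF
policy_module(${MODULE}, 1.0)

type ${MODULE}_t;
type ${MODULE}_exec_t;
init_daemon_domain(${MODULE}_t, ${MODULE}_exec_t)

# Private port type; corenet_port gives it the port_type attribute.
type ${MODULE}_port_t;
corenet_port(${MODULE}_port_t)

allow ${MODULE}_t self:tcp_socket create_stream_socket_perms;
# Only this port type may be bound, so a bind to any other port is denied.
allow ${MODULE}_t ${MODULE}_port_t:tcp_socket name_bind;
# Name may be corenet_tcp_bind_all_nodes in older refpolicy releases.
corenet_tcp_bind_generic_node(${MODULE}_t)
EOF
}

# Build with the refpolicy devel Makefile (it expands the m4 interfaces),
# load the module, then map the port number to the new type.
install_policy() {
    gen_te > "${MODULE}.te"
    make -f /usr/share/selinux/devel/Makefile "${MODULE}.pp"
    semodule -i "${MODULE}.pp"
    semanage port -a -t "${MODULE}_port_t" -p tcp "${PORT}"
    # Confirm the mapping is present before starting the server.
    semanage port -l | grep "${MODULE}_port_t"
}

# Only modify the running system when explicitly asked: ./script.sh install
if [ "${1:-}" = install ]; then
    install_policy
fi
```

Without the install argument the script only defines the functions, so gen_te can be inspected before anything is loaded.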