[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: My first policy (memcached)
- From: Daniel J Walsh <dwalsh redhat com>
- To: Konstantin Ryabitsev <icon fedoraproject org>
- Cc: fedora-selinux-list redhat com
- Subject: Re: My first policy (memcached)
- Date: Mon, 17 Sep 2007 17:14:57 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Konstantin Ryabitsev wrote:
> On 9/12/07, Daniel J Walsh <dwalsh redhat com> wrote:
>> Do web applications communicate with this daemon over the network port?
>
> Yes, normally via tcp. I don't think they actually use unix sockets.
> What kind of interface(s) would be useful for that?
>
You need to define a port
type memcached_port_t;
port_type(memcached_port_t)
allow memcached_t memcached_port_t:tcp_socket name_bind;
Interfaces would be something like
interface(`memcached_port_connect'. `
gen_require (`
type memcached_port_t;
')
allow $1 memcached_port_t:tcp_port name_connect;
')
Finally need to execute
semanage port -a -m memcached_port_t -P tcp 11211
>> Please submit to upstream for approval, Then lets get it into fedora.
>
> By upstream, do you mean the packager, or the very upstream?
>
Either. If the packager wants to ship it with his product all the better.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFG7u5RrlYvE4MpobMRArK1AKDjZ0NSoyeK6WrY9iF4Ora0iwztUACgp4zp
pVSCOBwM5Kp0FBoEQ7uH+4Y=
=SxRq
-----END PGP SIGNATURE-----
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]