[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: package review?



Wart wrote:
Daniel J Walsh wrote:
allow crossfire_t port_t:udp_socket send_msg;
allow crossfire_t port_t:tcp_socket name_bind;
You need to define a port for this socket and only allow name_bind to
that port

I know I'm missing something obvious here, but which macro can I use to
add this restriction?  I saw references to http_port_t and ntp_port_t in
corenetwork.if, but didn't see anything that actually defined it to be
port 80 (http) or port 123 (ntp).

policy/modules/kernel/corenetwork.te.in:

...
network_port(ntp, udp,123,s0)
...
network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0)
---

Paul.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]