package review?
Wart
wart at kobold.org
Sat Jul 22 03:45:20 UTC 2006
Paul Howarth wrote:
> Wart wrote:
>
>> Daniel J Walsh wrote:
>>
>>> allow crossfire_t port_t:udp_socket send_msg;
>>> allow crossfire_t port_t:tcp_socket name_bind;
>>> You need to define a port for this socket and only allow name_bind to
>>> that port
>>
>>
>> I know I'm missing something obvious here, but which macro can I use to
>> add this restriction? I saw references to http_port_t and ntp_port_t in
>> corenetwork.if, but didn't see anything that actually defined it to be
>> port 80 (http) or port 123 (ntp).
>
>
> policy/modules/kernel/corenetwork.te.in:
>
> ...
> network_port(ntp, udp,123,s0)
> ...
> network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0,
> tcp,8009,s0)
Thanks. This is just what I needed.
I could have sworn that this syntax was working for me earlier today,
but now I keep getting syntax errors on FC5:
+ make -f /usr/share/selinux/devel/Makefile
cat: /selinux/mls: No such file or directory
Compiling targeted crossfire module
crossfire.te:67:ERROR 'syntax error' at token 'network_port' on line 59707:
## Networking basics (adjust to your needs!)
network_port(crossfire, tcp,13327,s0)
/usr/bin/checkmodule: error(s) encountered while parsing configuration
/usr/bin/checkmodule: loading policy configuration from tmp/crossfire.tmp
make: *** [tmp/crossfire.mod] Error 1
Is there something else that I need to include to be able to use
network_port()?
--Wart
More information about the fedora-selinux-list
mailing list