TCP server howto

Jan Kasprzak kas at fi.muni.cz
Fri Feb 27 23:02:25 UTC 2009


	Hello,

what is a recommended way of allowing a domain to act as a generic TCP
server. I.e. to create a stream socket, bind(2) it to a single defined
port with INADDR_ANY, listen(2) on it, accept(2) connections on it,
and communicate (read/write/send*/recv*) on it.

	So far I am using audit2allow, and it has led me to the following
setup (actual reading/writing not verified yet, more rules would probably
be needed):

allow $1 hi_reserved_port_t:tcp_socket name_bind;
allow $1 inaddr_any_node_t:tcp_socket node_bind;
allow $1 self:capability net_bind_service;

However, I guess hi_reserved_port_t is not a _single_ port. I have
seen the network_port() macro in corenetwork.if, but using

network_port($1, tcp,654,s0);

gives a syntax error.

Is there any high-level macro for setting up a single port and allowing
it to be bound, listened, read and written?

[ my system is Fedora 10 with the targeted policy ]

	Thanks,

-Yenya

-- 
| Jan "Yenya" Kasprzak  <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839      Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/    Journal: http://www.fi.muni.cz/~kas/blog/ |
>>  If you find yourself arguing with Alan Cox, you’re _probably_ wrong.  <<
>>     --James Morris in "How and Why You Should Become a Kernel Hacker"  <<
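Added worked example (editor's addition; not from the post above, from Fedora's policy, or from any later reply): a loadable policy module that declares its own single-port type and grants a domain the rules a listening TCP server needs. It is written in the raw module language that checkmodule accepts, the same form audit2allow emits, rather than with reference-policy interfaces. The network_port() macro the post mentions is an m4 template expanded when the base policy's corenetwork module is generated, not an interface a separate module can call, which is why calling it from a module gives a syntax error; a module instead declares the port type itself and maps the port number to it with semanage. The domain myapp_t, the port type myapp_port_t and the module name myapp_tcp are assumed names; port 654 and the inaddr_any_node_t node type are taken from the post.

```selinux
# myapp_tcp.te: loadable module for a domain that serves one TCP port.
# Added example, not from the post or from Fedora's policy; myapp_t,
# myapp_port_t and the module name are assumed. Raw checkmodule syntax.

module myapp_tcp 1.0;

require {
    # Domain of the server process; assumed to be declared elsewhere
    # (by the module that labels the daemon and transitions into it).
    type myapp_t;
    # Node type the post uses for bind(2) to INADDR_ANY.
    type inaddr_any_node_t;
    # Attribute every port type must carry before semanage/portcon
    # will accept it as a port label.
    attribute port_type;
    class tcp_socket { create getattr setattr setopt getopt bind node_bind
                       name_bind listen accept read write shutdown };
    class capability net_bind_service;
}

# One type for our one port. Nothing else is labeled with it, so the
# name_bind rule below only covers the port number(s) mapped to it.
type myapp_port_t;
typeattribute myapp_port_t port_type;

# Socket lifecycle: socket(2), setsockopt(2) (e.g. SO_REUSEADDR), bind(2),
# listen(2), accept(2) and the read/write traffic. Sockets returned by
# accept(2) inherit the listening socket's label, so self:tcp_socket
# covers them as well.
allow myapp_t self:tcp_socket { create getattr setattr setopt getopt bind
                                listen accept read write shutdown };

# bind(2) to a port labeled myapp_port_t, on the INADDR_ANY node.
allow myapp_t myapp_port_t:tcp_socket name_bind;
allow myapp_t inaddr_any_node_t:tcp_socket node_bind;

# 654 is below 1024, so the kernel also checks CAP_NET_BIND_SERVICE.
allow myapp_t self:capability net_bind_service;

# Build, install and label the port (as root; -M because the targeted
# policy is built with MLS/MCS support):
#   checkmodule -M -m -o myapp_tcp.mod myapp_tcp.te
#   semodule_package -o myapp_tcp.pp -m myapp_tcp.mod
#   semodule -i myapp_tcp.pp
#   semanage port -a -t myapp_port_t -p tcp 654
# Verify the mapping:
#   semanage port -l | grep myapp_port_t
```

Keeping the port number out of the policy and in the semanage mapping means moving the daemon to another port later is a one-line `semanage port -m` change with no policy rebuild. Whether further rules are needed (for example netif/node send and receive permissions on older kernels and policies, or peer rules when labeled networking is in use) depends on the kernel and policy version; the practical check is to run the server, look for AVC denials with `ausearch -m avc -ts recent`, and feed them to audit2allow as the post already does, reviewing each generated rule before adding it rather than installing the output blindly.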




More information about the fedora-selinux-list mailing list