OK. Thanks. <br><br>So I need to update corenetwork.te, recompile the policy, set the policy to the newly compiled one and reboot? Correct?<br><br><br clear="all"><br>-- <br>..Cheers<br>Mark
<br><br><div><span class="gmail_quote">On 8/8/07, <b class="gmail_sendername">Forrest Taylor</b> <<a href="mailto:ftaylor@redhat.com">ftaylor@redhat.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
You cannot. You need to run this as a separate command or build it into<br>the base module (corenetwork.te).<br><br>Forrest<br><br>On Wed, 2007-08-08 at 13:12 -0400, Mark wrote:<br>> thanks for the information, but how could I add this to my .te file?
<br>><br>><br>> --<br>> ..Cheers<br>> Mark<br>><br>> On 8/8/07, Forrest Taylor <<a href="mailto:ftaylor@redhat.com">ftaylor@redhat.com</a>> wrote:<br>> On Wed, 2007-08-08 at 11:40 -0400, Mark wrote:
<br>> > I am new to writing policies and have been reading the<br>> reference<br>> > policy files. I wrote a simple TCP server that listens on a<br>> port for<br>> > connections. I would like to write a policy that will only
<br>> allow my<br>> > program to bind to a specific port (9999). I looked at the<br>> reference<br>> > policy and see that the ports that programs are allowed to<br>> use are in
<br>> > policy/modules/kernel/corenetwork.te. My question is, can<br>> I specify<br>> > the port in my program's type enforcement file so that I can<br>> make a<br>> > module instead of listing this in the kernel policy? If so,
<br>> what<br>> > would the syntax be?<br>><br>> portcon is only valid in the base module, not a normal<br>> loadable module.<br>> The command to generate the port entry for the policy is
<br>> semanage. It<br>> should look something like the following:<br>><br>> semanage port -a -t my_port_t -p tcp 9999<br>><br>> Forrest<br>><br>><br><br></blockquote>
</div><br>
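Forrest's first option (a loadable module plus semanage run as a separate command), as an added example that is not part of the original thread. The module name myserver_port and the domain type myserver_t are assumptions standing in for Mark's own .te file; my_port_t and port 9999 come from the thread, and the base policy is assumed to export the port_type attribute.

```selinux
# myserver_port.te  (hypothetical file name)
# Loadable module: declares the port type and the bind rule.
# No portcon statement here, since portcon is only valid in the base module.
module myserver_port 1.0;

require {
	# Assumed: domain type already declared by the server's own module.
	type myserver_t;
	# Attribute the base policy places on every port type.
	attribute port_type;
	class tcp_socket name_bind;
}

# New type for the port, tagged as a port type.
type my_port_t;
typeattribute my_port_t port_type;

# Only this rule lets myserver_t bind to ports labeled my_port_t.
# Socket creation and node_bind rules are assumed to live in the
# server's own .te file.
allow myserver_t my_port_t:tcp_socket name_bind;

# Build and load the module (run as root):
#   checkmodule -M -m -o myserver_port.mod myserver_port.te
#   semodule_package -o myserver_port.pp -m myserver_port.mod
#   semodule -i myserver_port.pp
#
# Then label the port with the separate command from the thread.
# This replaces the portcon entry and needs no base rebuild:
#   semanage port -a -t my_port_t -p tcp 9999
#
# Check the mapping:
#   semanage port -l | grep my_port_t
```

The module must be loaded before the semanage command runs, because semanage rejects a type the loaded policy does not know.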