After running semanage, will the information remain in the policy after a reboot?<br clear="all"><br>-- <br>..Cheers<br>Mark
<br><br><div><span class="gmail_quote">On 8/8/07, <b class="gmail_sendername">Forrest Taylor</b> <<a href="mailto:ftaylor@redhat.com">ftaylor@redhat.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
That is one way to do it. If you run the semanage utility, it will<br>compile that information into the policy as well, and you don't have to<br>recompile the base policy.<br><br>Forrest<br><br>On Wed, 2007-08-08 at 13:21 -0400, Mark wrote:
<br>> OK. Thanks.<br>
><br>
> So I need to update corenetwork.te, recompile the policy, set the<br>
> policy to the newly compiled one and reboot? Correct?<br>
><br>
><br>
><br>
> --<br>
> ..Cheers<br>
> Mark<br>
><br>
> On 8/8/07, Forrest Taylor <<a href="mailto:ftaylor@redhat.com">ftaylor@redhat.com</a>> wrote:<br>
> You cannot. You need to run this as a separate command or build it into<br>
> the base module (corenetwork.te).<br>
><br>
> Forrest<br>
><br>
> On Wed, 2007-08-08 at 13:12 -0400, Mark wrote:<br>
> > Thanks for the information, but how could I add this to my .te file?<br>
> ><br>
> ><br>
> > --<br>
> > ..Cheers<br>
> > Mark<br>
> ><br>
> > On 8/8/07, Forrest Taylor <<a href="mailto:ftaylor@redhat.com">ftaylor@redhat.com</a>> wrote:<br>
> > On Wed, 2007-08-08 at 11:40 -0400, Mark wrote:<br>
> > > I am new to writing policies and have been reading the reference<br>
> > > policy files. I wrote a simple TCP server that listens on a port for<br>
> > > connections. I would like to write a policy that will only allow my<br>
> > > program to bind to a specific port (9999). I looked at the reference<br>
> > > policy and see that the ports that programs are allowed to use are in<br>
> > > policy/modules/kernel/corenetwork.te. My question is, can I specify<br>
> > > the port in my program's type enforcement file so that I can make a<br>
> > > module instead of listing this in the kernel policy? If so, what<br>
> > > would the syntax be?<br>
> ><br>
> > portcon is only valid in the base module, not a normal loadable module.<br>
> > The command to generate the port entry for the policy is semanage. It<br>
> > should look something like the following:<br>
> ><br>
> > semanage port -a -t my_port_t -p tcp 9999<br>
> ><br>
> > Forrest<br>
> ><br>
> ><br>
><br>
><br>
<br>
</blockquote></div><br>
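Added example, not part of the original thread: a check that a port carries the expected type, written against the column layout of `semanage port -l`. semanage keeps local port mappings in the on-disk policy store, so the same check can be repeated after a reboot. The function names and the sample listing are constructed for illustration; `my_port_t` and port 9999 are taken from the thread.

```shell
#!/bin/sh
# Constructed sample in the column layout of `semanage port -l`
# (type, protocol, comma-separated ports and ranges); not from a real host.
sample_port_list() {
cat <<'EOF'
SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 81, 443, 8008
my_port_t                      tcp      9999
my_port_t                      udp      5000-5010
unreserved_port_t              tcp      1024-32767, 61000-65535
EOF
}

# port_types PROTO PORT (hypothetical helper)
# Reads a port listing on stdin and prints every type whose entry covers
# PORT for PROTO, handling both single ports and lo-hi ranges.
port_types() {
    awk -v proto="$1" -v port="$2" '
        NF < 3 || $2 != proto { next }   # header, blank lines, other protocol
        {
            list = $0
            sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", list)   # keep the port column
            n = split(list, item, /,[ \t]*/)
            for (i = 1; i <= n; i++) {
                lo = item[i]; hi = item[i]
                if (split(item[i], r, "-") == 2) { lo = r[1]; hi = r[2] }
                if (port + 0 >= lo + 0 && port + 0 <= hi + 0) { print $1; break }
            }
        }'
}

# port_has_type TYPE PROTO PORT (hypothetical helper): exit 0 if TYPE matches.
port_has_type() {
    port_types "$2" "$3" | grep -qx "$1"
}

# On a host, after the semanage command from the thread (and again after a reboot):
#   semanage port -l | port_has_type my_port_t tcp 9999 && echo labelled
# Here, against the constructed sample:
sample_port_list | port_types tcp 9999
```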