package review?

Joshua Brindle jbrindle at tresys.com
Mon Jul 24 14:41:34 UTC 2006


> From: Daniel J Walsh [mailto:dwalsh at redhat.com] 
<snip>
> 
> gen_requires(`
>        attribute port_type;
> ')
> 
> type crossfire_port_t, port_type;
> 
> allow crossfire_t crossfire_port_t:udp_socket send_msg; allow 
> crossfire_t crossfire_port_t:tcp_socket name_bind;
> 
> 
> 
> And in your install after the policy load
> 
> semanage port -a -t crossfire_port_t -p tcp MYPORTNUM 
> semanage port -a -t crossfire_port_t -p udp MYPORTNUM
> 

This looks fine to me. If we start doing this the rpm spec file should
probably do it and should undo it on uninstall since the link will fail
if the module is removed without these rules being removed.




More information about the fedora-selinux-list mailing list