only allow 1 port for listening

Mark elihusmails at gmail.com
Wed Aug 8 17:12:33 UTC 2007


thanks for the information, but how could I add this to my .te file?


-- 
..Cheers
Mark

On 8/8/07, Forrest Taylor <ftaylor at redhat.com> wrote:
>
> On Wed, 2007-08-08 at 11:40 -0400, Mark wrote:
> > I am new to writing policies and have been reading the reference
> > policy files.  I wrote a simple TCP server that listens on a port for
> > connections.  I would like to write a policy that will only allow my
> > program to bind to a specific port(9999).  I looked at the reference
> > policy and see that the ports that programs are allowed to use are in
> > policy/modules/kernel/corenetwork.te.  My question is, can I specify
> > the port in my programs type enforcement file so that I can make a
> > module instead of listing this in the kernel policy?  If so, what
> > would the syntax be?
>
> portcon is only valid in the base module, not a normal loadable module.
> The command to generate the port entry for the policy is semanage.  It
> should look something like the following:
>
> semanage port -a -t my_port_t -p tcp 9999
>
> Forrest
>
>
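The split Forrest's reply points at, as an added example that is not part of this thread: the port type and the `name_bind` rule live in the loadable module's .te, while the port itself is labelled with `semanage port` because `portcon` is base-module only. Only `my_port_t`, tcp/9999 and the semanage command come from the thread; `myserver`, `myserver_t` and `myserver_exec_t` are assumed names, and the refpolicy interfaces used are the standard ones from the policy devel package.

```shell
#!/bin/sh
# Added example, not from the mailing list thread.
# Assumed names: myserver (module), myserver_t / myserver_exec_t (domain).

# Emit the .te source for a loadable module. The port type is declared
# here; the portcon statement cannot be (base module only), so the port
# number is attached to the type afterwards with semanage.
write_te() {
    cat > "$1" <<'EOF'
policy_module(myserver, 1.0.0)

type myserver_t;
type myserver_exec_t;
init_daemon_domain(myserver_t, myserver_exec_t)

# Port type that semanage will attach to tcp/9999
type my_port_t;
corenet_port(my_port_t)

# Let the daemon create a TCP socket and bind it to that one port only
allow myserver_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_bind_generic_node(myserver_t)
allow myserver_t my_port_t:tcp_socket name_bind;
EOF
}

# Build, load, then label the port. Requires the selinux-policy devel
# Makefile and root; the module must be loaded before semanage can
# reference my_port_t.
install_module() {
    make -f /usr/share/selinux/devel/Makefile myserver.pp
    semodule -i myserver.pp
    semanage port -a -t my_port_t -p tcp 9999
}

write_te myserver.te
```

Because `my_port_t` is defined by the module, the `semanage port -a` step only succeeds once `semodule -i` has loaded it; the module grants `name_bind` on `my_port_t` alone, so a bind to any other labelled port is denied.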

