My first policy (memcached)
Daniel J Walsh
dwalsh at redhat.com
Mon Sep 17 21:14:57 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Konstantin Ryabitsev wrote:
> On 9/12/07, Daniel J Walsh <dwalsh at redhat.com> wrote:
>> Do web applications communicate with this daemon over the network port?
>
> Yes, normally via tcp. I don't think they actually use unix sockets.
> What kind of interface(s) would be useful for that?
>
You need to define a port
type memcached_port_t;
port_type(memcached_port_t)
allow memcached_t memcached_port_t:tcp_socket name_bind;
Interfaces would be something like
interface(`memcached_port_connect'. `
gen_require (`
type memcached_port_t;
')
allow $1 memcached_port_t:tcp_port name_connect;
')
Finally need to execute
semanage port -a -m memcached_port_t -P tcp 11211
>> Please submit to upstream for approval, Then lets get it into fedora.
>
> By upstream, do you mean the packager, or the very upstream?
>
Either. If the packager wants to ship it with his product all the better.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFG7u5RrlYvE4MpobMRArK1AKDjZ0NSoyeK6WrY9iF4Ora0iwztUACgp4zp
pVSCOBwM5Kp0FBoEQ7uH+4Y=
=SxRq
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list