SELinux module to allow a single network port?

Chris Adams cmadams at hiwaay.net
Fri Feb 15 17:03:20 UTC 2008


I originally posted this to the RHEL5 list, but someone pointed me to
this list (I didn't realize there was an SELinux list).

I have done some minor SELinux customizations with a module, and now I'm
trying to do something a little more complicated.

I want to allow a CGI to do a "whois" lookup.  It is a perl script that
is attempting to open a TCP socket to port 43.  I ran audit2allow, but I
think the generated rule allows CGIs to open outbound sockets to any
port.  I'd rather just allow TCP to port 43.

I don't see a defined whois port type, and I don't know quite how to
define it myself in a module.

Help?

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
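An added example (not part of the post above): a shell script that builds and installs a small SELinux policy module declaring a dedicated port type for TCP/43 and granting the Apache CGI domain `name_connect` to that type only, which is the narrow alternative to the "connect to any port" rule audit2allow tends to generate from such a denial. It assumes the CGI runs as `httpd_sys_script_t` (the stock type for Apache CGIs), the module name `whois_port` and type name `whois_port_t` are choices made here, and `checkmodule`, `semodule_package`, `semodule`, `semanage` and `sesearch` are installed.

```shell
#!/bin/sh
# Added example, not from the original post or from the SELinux project.
# It declares a dedicated port type for whois (TCP/43) and lets Apache CGI
# scripts connect only to that port, instead of the "any port" rule that
# audit2allow produces from the denial.
# Assumptions: the CGI runs as httpd_sys_script_t (stock type for Apache
# CGIs on RHEL5); the module name "whois_port" and type name "whois_port_t"
# are chosen here; checkmodule, semodule_package, semodule, semanage and
# sesearch (setools) are installed.

MODULE=whois_port
TE_FILE="$MODULE.te"

# Emit the type-enforcement source of the module on stdout. It uses the plain
# module language (what audit2allow emits), so checkmodule compiles it
# directly without the refpolicy Makefile.
write_whois_te() {
    cat <<'EOF'
module whois_port 1.0;

require {
    type httpd_sys_script_t;
    attribute port_type;
}

# New port type. It matches nothing until a port number is bound to it with
# "semanage port"; that binding lives in the policy store, not in the module.
type whois_port_t, port_type;

# CGI scripts may open outbound TCP connections to the whois port only.
# Any other denial in audit.log needs its own, equally narrow rule.
allow httpd_sys_script_t whois_port_t:tcp_socket name_connect;
EOF
}

# Compile the source into a loadable .pp package and insert it into the policy.
build_and_install() {
    write_whois_te > "$TE_FILE"
    checkmodule -M -m -o "$MODULE.mod" "$TE_FILE"
    semodule_package -o "$MODULE.pp" -m "$MODULE.mod"
    semodule -i "$MODULE.pp"
}

# Bind TCP/43 to the new type. Must run after the module is installed,
# because semanage rejects a type the loaded policy does not know.
label_whois_port() {
    if semanage port -l | grep -q '^whois_port_t '; then
        semanage port -m -t whois_port_t -p tcp 43
    else
        semanage port -a -t whois_port_t -p tcp 43
    fi
}

# Verify the result: the CGI domain's name_connect targets should include
# whois_port_t and not a catch-all port attribute.
show_rules() {
    sesearch --allow -s httpd_sys_script_t -c tcp_socket -p name_connect
}

case "${1:-}" in
    install) build_and_install && label_whois_port && show_rules ;;
    *)       write_whois_te ;;   # no argument: just print the module source
esac
```

Run it as `sh whois_port.sh install` on the web server; without an argument it only prints the module source for review. After installing, re-run the CGI and check `/var/log/audit/audit.log`: if the whois lookup works and no new AVC appears, the `name_connect` rule was the only permission missing.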




More information about the fedora-selinux-list mailing list