You cannot. You need to run this as a separate command or build it into the base module (corenetwork.te).
Forrest
On Wed, 2007-08-08 at 13:12 -0400, Mark wrote:
Thanks for the information, but how could I add this to my .te file?

--
..Cheers Mark
On 8/8/07, Forrest Taylor ftaylor@redhat.com wrote:
> On Wed, 2007-08-08 at 11:40 -0400, Mark wrote:
> > I am new to writing policies and have been reading the reference policy files. I wrote a simple TCP server that listens on a port for connections. I would like to write a policy that will only allow my program to bind to a specific port (9999). I looked at the reference policy and see that the ports that programs are allowed to use are in policy/modules/kernel/corenetwork.te. My question is, can I specify the port in my program's type enforcement file so that I can make a module instead of listing this in the kernel policy? If so, what would the syntax be?
>
> portcon is only valid in the base module, not a normal loadable module. The command to generate the port entry for the policy is semanage. It should look something like the following:
>
> semanage port -a -t my_port_t -p tcp 9999
>
> Forrest
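As an added example (not code from the thread or from the reference policy), a small POSIX sh script that produces the two pieces Forrest's answer points to: the semanage command that labels port 9999 outside the base module, and a loadable .te module carrying the name_bind rule. The names myserver_t, my_port_t and myserver_port are assumptions; only the port number and the semanage form come from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. portcon statements live only
# in the base module, so the port label comes from semanage; the loadable
# module only declares the port type and grants the bind permission.
# Assumed names: myserver_t (daemon domain), my_port_t, myserver_port.

# Print the semanage command that labels a port at runtime.
# $1 = port type, $2 = protocol (tcp/udp), $3 = port number
gen_port_cmd() {
    printf 'semanage port -a -t %s -p %s %s\n' "$1" "$2" "$3"
}

# Emit a loadable policy module: declare the port type and allow the
# daemon domain to bind to it. Nothing here binds a number to the type;
# that is the semanage command's job.
# $1 = module name, $2 = daemon domain, $3 = port type
gen_te_module() {
    cat <<EOF
policy_module($1, 1.0)

gen_require(\`
    type $2;
')

# Assumed: refpolicy's corenet_port() marks $3 as a port type so that
# semanage will accept it; $2 is declared in the daemon's own module.
type $3;
corenet_port($3)

# Grant name_bind on this one port type only, so the daemon cannot
# listen on any other labelled port.
allow $2 $3:tcp_socket name_bind;
EOF
}

# Sample run: write the module to a temp location and show the order of
# operations. The module must be loaded before semanage can refer to the
# new port type.
out="${TMPDIR:-/tmp}/myserver_port.te"
gen_te_module myserver_port myserver_t my_port_t > "$out"
echo "wrote $out; build it with the refpolicy devel Makefile, then:"
echo "semodule -i myserver_port.pp"
gen_port_cmd my_port_t tcp 9999
```

After both steps, `semanage port -l | grep my_port_t` should list tcp 9999, and a bind to any other port by myserver_t is denied and logged as an AVC.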