That is one way to do it. If you run the semanage utility, it will compile that information into the policy as well, and you don't have to recompile the base policy.
Forrest
On Wed, 2007-08-08 at 13:21 -0400, Mark wrote:
> ok. Thanks.
>
> So I need to update corenetwork.te, recompile the policy, set the policy to the newly compiled one and reboot? Correct?
>
> --
> ..Cheers
> Mark
>
> On 8/8/07, Forrest Taylor <ftaylor@redhat.com> wrote:
> > You cannot. You need to run this as a separate command or build it into the base module (corenetwork.te).
> >
> > Forrest
> >
> > On Wed, 2007-08-08 at 13:12 -0400, Mark wrote:
> > > thanks for the information, but how could I add this to my .te file?
> > >
> > > --
> > > ..Cheers
> > > Mark
> > >
> > > On 8/8/07, Forrest Taylor <ftaylor@redhat.com> wrote:
> > > > On Wed, 2007-08-08 at 11:40 -0400, Mark wrote:
> > > > > I am new to writing policies and have been reading the reference policy files. I wrote a simple TCP server that listens on a port for connections. I would like to write a policy that will only allow my program to bind to a specific port (9999). I looked at the reference policy and see that the ports that programs are allowed to use are in policy/modules/kernel/corenetwork.te. My question is, can I specify the port in my program's type enforcement file so that I can make a module instead of listing this in the kernel policy? If so, what would the syntax be?
> > > >
> > > > portcon is only valid in the base module, not a normal loadable module. The command to generate the port entry for the policy is semanage. It should look something like the following:
> > > >
> > > >     semanage port -a -t my_port_t -p tcp 9999
> > > >
> > > > Forrest
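Before running the `semanage port -a` command quoted in the thread, it is worth checking whether tcp/9999 already carries a label, since a port that is already defined on its own cannot simply be added again. The following is an added example, not code from the thread or from the semanage tool: it parses a constructed, abbreviated sample of `semanage port -l` output (the three-column layout is assumed to match current semanage versions) and reports which port types cover a given port, separating an exact entry from a range such as unreserved_port_t; the `-m` suggestion for an already defined port is the editor's, not something the thread states.

```python
import re

# Constructed sample of `semanage port -l` output (abbreviated); the real
# listing is much longer but uses the same three-column layout.
SAMPLE_LISTING = """\
SELinux Port Type               Proto    Port Number

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t                     tcp      22
unreserved_port_t              tcp      1024-32767, 32768-61000
unreserved_port_t              udp      1024-32767, 32768-61000
"""

def parse_port_listing(text):
    """Yield (port_type, proto, low, high) tuples from `semanage port -l` text."""
    for line in text.splitlines():
        fields = line.split(None, 2)
        if len(fields) < 3 or fields[1] not in ("tcp", "udp", "sctp", "dccp"):
            continue  # header, blank or unexpected line
        port_type, proto, ports = fields
        for item in ports.split(","):
            m = re.fullmatch(r"(\d+)(?:-(\d+))?", item.strip())
            if not m:
                continue
            low = int(m.group(1))
            high = int(m.group(2)) if m.group(2) else low
            yield port_type, proto, low, high

def port_labels(text, proto, port):
    """Return {"exact": [types], "range": [types]} covering proto/port.

    An "exact" hit means the port number is already defined on its own;
    a "range"-only hit (e.g. unreserved_port_t) means no specific label yet.
    """
    result = {"exact": [], "range": []}
    for port_type, p, low, high in parse_port_listing(text):
        if p != proto or not (low <= port <= high):
            continue
        key = "exact" if low == high == port else "range"
        if port_type not in result[key]:
            result[key].append(port_type)
    return result

def suggest_command(text, proto, port, new_type):
    """Suggest the semanage invocation that labels proto/port as new_type."""
    labels = port_labels(text, proto, port)
    if new_type in labels["exact"]:
        return None  # already labelled as requested, nothing to do
    if labels["exact"]:
        # A specific entry exists already: modify it rather than add a duplicate.
        return f"semanage port -m -t {new_type} -p {proto} {port}"
    return f"semanage port -a -t {new_type} -p {proto} {port}"
```

Run it against the real listing with `port_labels(subprocess.check_output(["semanage", "port", "-l"], text=True), "tcp", 9999)` on an SELinux host.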