fedora-selinux February 2008 archive
fedora-selinux: SELinux module to allow a single network port?

From: Chris Adams <cmadams_at_nospam>
Date: Fri Feb 15 2008 - 17:03:20 GMT
To: fedora-selinux-list@redhat.com

I originally posted this to the RHEL5 list, but someone pointed me to this list (I didn't realize there was an SELinux list).

I have done some minor SELinux customizations with a module, and now I'm trying to do something a little more complicated.

I want to allow a CGI to do a "whois" lookup. It is a Perl script that is attempting to open a TCP socket to port 43. I ran audit2allow, but I think the generated rule allows CGIs to open outbound sockets to any port. I'd rather just allow TCP to port 43.

I don't see a defined whois port type, and I don't know quite how to define it myself in a module.



Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
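
Added example, not part of the original post and not Fedora's or Red Hat's own policy: one way to scope the permission to port 43 is a local module that declares its own port type and allows `name_connect` only on that type. It assumes the CGI runs in the `httpd_sys_script_t` domain and that the loaded policy does not already define `whois_port_t`; the module name `localwhois` is hypothetical.

```selinux
# localwhois.te: constructed example; module and type names are hypothetical.
module localwhois 1.0;

require {
	type httpd_sys_script_t;        # assumed domain of the CGI script
	attribute port_type;            # attribute shared by all port types
	class tcp_socket name_connect;
}

# New type for the whois port. Giving it the port_type attribute is what
# lets semanage attach port numbers to it.
type whois_port_t, port_type;

# audit2allow writes its rule against whatever type port 43 carries at the
# time of the denial, so that rule also covers every other port with the
# same label. This rule covers only ports labelled whois_port_t.
allow httpd_sys_script_t whois_port_t:tcp_socket name_connect;

# Build, load, then label TCP port 43 (run as root):
#   checkmodule -M -m -o localwhois.mod localwhois.te
#   semodule_package -o localwhois.pp -m localwhois.mod
#   semodule -i localwhois.pp
#   semanage port -a -t whois_port_t -p tcp 43
#
# Check the label afterwards:
#   semanage port -l | grep whois_port_t
```

The module grants only `name_connect` on the new type; the broader audit2allow rule has to be left out of (or removed from) the local policy for the restriction to mean anything.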

