|Main Archive Page > Month Archives > fedora-selinux archives|
On Fri, 2008-02-15 at 11:03 -0600, Chris Adams wrote:
> I originally posted this to the RHEL5 list, but someone pointed me to
> this list (I didn't realize there was an SELinux list).
> I have done some minor SELinux customizations with a module, and now I'm
> trying to do something a little more complicated.
> I want to allow a CGI to do a "whois" lookup. It is a perl script that
> is attempting to open a TCP socket to port 43. I ran audit2allow, but I
> think the generated rule allows CGIs to open outbound sockets to any
> port. I'd rather just allow TCP to port 43.
> I don't see a defined whois port type, and I don't know quite how to
> define it myself in a module.
Possibly something like this:
$ vi whois.te
type whois_port_t, port_type;
$ make -f /usr/share/selinux/devel/Makefile whois.pp $ su
# semodule -i whois.pp
# semanage port -a -t whois_port_t -p tcp 43 -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list firstname.lastname@example.org https://www.redhat.com/mailman/listinfo/fedora-selinux-list