* This past week I was doing a demo of how to build an Userspace Object Manager for firewalld
@ 2014-02-11 14:07 Daniel J Walsh
From: Daniel J Walsh @ 2014-02-11 14:07 UTC
To: SELinux
I had a problem where I wanted to allow a cupsd_t to be able to open a
particular port at the firewall, say the ipp_port_t port.

    sepolicy network -t ipp_port_t
    ipp_port_t: tcp: 631,8610-8614
    ipp_port_t: udp: 631,8610-8614

The problem, cups is sending across an open tcp/631 and I need firewalld to
check something like

    allow cupsd_t ipp_port_t:tcp_netfilter open;

The only way for firewalld to figure out what type port tcp/361 is assigned
to, was to load the sepolicy framework and read in the currently loaded policy.

I think we should add an interface to the /sys/fs/selinux that would take a
port number and a protocol and return a process_type.
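
An added example, not part of the original message or of firewalld: a sketch of the lookup the message describes, resolving a protocol/port pair to its port type from a listing in the `sepolicy network -t` output format quoted above, then checking it against an allow rule. `example_port_t`, the narrowest-range-wins tie-break and the in-memory rule set (a stand-in for a real policy query) are assumptions of this example; `tcp_netfilter` is the class name used in the message.

```python
import re

# Constructed listing: the ipp_port_t lines are the ones quoted in the message,
# example_port_t is made up to show an overlapping range.
SAMPLE = """\
ipp_port_t: tcp: 631,8610-8614
ipp_port_t: udp: 631,8610-8614
example_port_t: tcp: 600-700
"""

# Stand-in for the loaded policy: (source type, target type, class, permission).
RULES = {("cupsd_t", "ipp_port_t", "tcp_netfilter", "open")}

LINE = re.compile(r"^(\w+):\s*(tcp|udp):\s*([\d,\s-]+)$")

def parse_port_labels(text):
    """Return (proto, low, high, type) tuples parsed from the listing."""
    labels = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore blank lines and anything not in the expected shape
        setype, proto, spec = m.groups()
        for part in (p.strip() for p in spec.split(",")):
            if not part:
                continue
            low_s, _, high_s = part.partition("-")
            low, high = int(low_s), int(high_s or low_s)
            if not 0 < low <= high <= 65535:
                raise ValueError(f"bad port range {part!r} for {setype}")
            labels.append((proto, low, high, setype))
    return labels

def port_type(labels, proto, port):
    """Type labelling proto/port, or None. Assumption: narrowest range wins."""
    hits = [(high - low, setype) for p, low, high, setype in labels
            if p == proto and low <= port <= high]
    return min(hits)[1] if hits else None

def may_open(labels, rules, source_type, proto, port):
    """Deny unless the port has a type and a matching allow rule exists."""
    target = port_type(labels, proto, port)
    if target is None:
        return False
    return (source_type, target, f"{proto}_netfilter", "open") in rules

if __name__ == "__main__":
    labels = parse_port_labels(SAMPLE)
    for proto, port in (("tcp", 631), ("tcp", 650), ("udp", 650)):
        print(proto, port, port_type(labels, proto, port),
              may_open(labels, RULES, "cupsd_t", proto, port))
```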