From: Richard Haines <richard_c_haines@btinternet.com>
To: Stephen Smalley <sds@tycho.nsa.gov>,
    Dominick Grift <dac.override@gmail.com>,
    "selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>,
    Paul Moore <paul@paul-moore.com>,
    James Morris <jmorris@namei.org>,
    Eric Paris <eparis@parisplace.org>
Subject: Re: CIL: invalid protocol (dccp portcon)
Date: Mon, 28 Mar 2016 13:29:15 +0000 (UTC)
Message-ID: <768212085.1911631.1459171755950.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: <56F93129.6020408@tycho.nsa.gov>

> On Monday, 28 March 2016, 14:26, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > On 03/28/2016 08:53 AM, Dominick Grift wrote:
>>
>> I was adding support for syslog ports, and /etc/services indicated to
>> me that syslog(_tls) has support for dccp protocol. So tried to add
>> that support in.
>>
>> However when trying to specify a portcon, secilc tells me dccp is an
>> invalid protocol.
>>
>> e.g.
>>
>> (portcon "dccp" 6514 port_obj_context)
>
> Doesn't appear to be supported by the selinux userspace presently (even
> apart from CIL). Not sure why. Looking back, I see the original
> "SELinux support for DCCP" RFC thread, which included a (now dead) link
> to patches for userspace support, but I don't see any indication that
> they were ever submitted.

The only valid portcon protocol types supported by the kernel and policy
statements are "tcp" and "udp". I did some time ago send RFC patches
(kernel & CIL) to add "dccp" and "sctp" but these died. Adding support
for a dccp portcon statement would not be difficult as there is SELinux
support already for the protocol (policycoreutils is a pain though as
lots of language files !!!).