First: I think at some point, it might be worth submitting what I've done as an enhancement, minor though it may be, to stunnel. In my case, I use stunnel to establish an SSL tunnel to my ISP's smtps port from sendmail. Since I bind stunnel locally to tcp/465, I can't define stunnel_port_t (the pre-existing label for whatever port the end user chooses to use) as tcp/465 because tcp/465 is already labeled as smtp_port_t. What I've done is:

    bool stunnel_can_sendmail false;
    if (stunnel_can_sendmail) {
        allow stunnel_t smtp_port_t : tcp_socket name_bind;
    };

Does this seem the most reasonable way to do things with ports already
labeled? For a more general policy, that would mean a Boolean for every
port label. Hmm....

Second: What's the syntax in the TE file to get descriptive text attached to a Boolean declaration? Right now I get:

    # semanage boolean -l | grep stunnel_can_sendmail
    stunnel_can_sendmail -> on stunnel_can_sendmail

But I'd prefer something more informative and cosmetically pleasing like:

    # semanage boolean -l | grep xen_use_nfs
    xen_use_nfs -> off Allow xen to manage nfs files

Thanks for any info and assistance.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
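
Added example, not part of the original message or of the stunnel policy: in reference policy source, a Boolean such as xen_use_nfs is declared with gen_tunable() and its description sits in a `## <desc>` comment block directly above the declaration. The sketch below writes the poster's rule in that style as a local module; the module name, version and description wording are assumptions.

```selinux
# stunnel_sendmail.te: added example. Module name, version and the
# description text are assumptions, not taken from the post.
policy_module(stunnel_sendmail, 1.0.0)

# Types defined elsewhere in the loaded policy that this module refers to.
gen_require(`
	type stunnel_t;
	type smtp_port_t;
')

## <desc>
## <p>
## Allow stunnel to bind to ports labeled smtp_port_t
## </p>
## </desc>
gen_tunable(stunnel_can_sendmail, false)

# Conditional block: the rule is active only while the Boolean is on.
# The rule itself is the one from the post: name_bind on smtp_port_t only.
tunable_policy(`stunnel_can_sendmail',`
	allow stunnel_t smtp_port_t:tcp_socket name_bind;
')
```

The `## <desc>` block is documentation markup that the reference policy build collects into policy.xml; whether the text appears in `semanage boolean -l` for a locally built module depends on the installed tooling and should be checked on the target system.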