Author here :) I'm not aware of how selinux can solve this but I will look into ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		linschn on Oct 15, 2024 \| parent \| context \| favorite \| on: Adapting Plan 9's listen to GNU Guix Author here :) I'm not aware of how selinux can solve this but I will look into it if only just to mention it as an alternative.

zokier on Oct 15, 2024 [–]

the typical way to allow something to bind to specific ports in selinux would be something like

   allow foo_t http_port_t : tcp_socket name_bind ;

the biggest problems are that you need to a) confine your users b) label everything

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact