I have a Linux user s001 and their applications should be able to bind on port 30001 only.
I added a new SELinux user s001_u and connected it to user s001:
semanage user --add s001_u --roles "guest_r"
semanage login --add --seuser s001_u s001
But I can't figure out how to write the policy accordingly. This
module my_policy 1.0;
type port_s001_t;
corenet_port(port_s001_t);
allow s001_u port_s001_t:tcp_socket name_bind;
results in the error "ERROR 'unknown type s001_u' at token ';'", so clearly the "s001_u" is not allowed here and it is expecting a type instead. But I really can't figure out which type or how to create a new type for that user.
Does anyone know how to apply such a rule to a specific user?