Hacker News new | ask | show | jobs
by linschn 607 days ago
Author here :)

I'm not aware of how selinux can solve this but I will look into it if only just to mention it as an alternative.
1 comments
zokier 607 days ago
the typical way to allow something to bind to specific ports in selinux would be something like

   allow foo_t http_port_t : tcp_socket name_bind ;
the biggest problems are that you need to a) confine your users b) label everything
link