I have several things that I'd like to be able to stand up as servers on Fedora. I know I can run at least some of these in podman or docker, but I already know how to do that. I also already know how to allow it for existing services like ssh if all I want to do is use a custom port via:
sudo semanage port -a -t ssh_port_t -p tcp 2222
But my problem is that SELinux already defines the ssh_port_t type. What if I have some custom app that I can't or don't want to run in a container for some reason? How would I allow a port for something that does NOT have an already predefined type in semanage port --list?
For this example, let's say I'm trying to run /path/myNiftyGameServer and want to allow it to connect on udp port 12345 (which is currently unused on my system). How can I do this?
Background-wise, I don't claim to be a guru, but I feel relatively proficient with bash and Linux in general while still being very much a novice when it comes to SELinux (I know about labels, restorecon, and some basic semanage commands but am still learning).
Please assume that I am unwilling to simply disable SELinux (because I am). If this question seems impractical, it is fine to make additional suggestions, but I am asking mostly because I'm curious how this problem would be solved in SELinux and have not been able to find a solution on my own except for existing types like my ssh example above. Please feel free to suggest other relevant reading topics for SELinux newbies.
Edit: From additional searches, and based on my finding a Starbound server on CentOS and a Soldat Dedicated Server policy, I'm guessing that maybe I need to learn how to write an SELinux policy? Crazy that I need that much when a service simply doesn't have a name, but I still want to learn how to do it.
Edit 2: After getting some time to read through them, the Starbound link does not appear to be what I'm after; the only SELinux policy writing was for a separate Apache server (Apache is already defined) rather than for a game server. The Soldat one seems very close to what I'm after, but I think I need a primer on policy writing to be able to get there. In particular, I am really only interested in how to open a port for a custom server / web service. Setting file path access sounds nice too, but I can manage that with user accounts, whereas even if I open a network port in firewall-cmd (firewalld), it will still be blocked by SELinux if I'm not mistaken (I know I had this issue in the past, but I suppose I could retest to be sure).
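As an added worked example (not part of the question or of any answer in this thread), the script below does what the question asks for: it declares a brand-new SELinux port type in a small policy module, loads it, and then labels udp 12345 with it using the same semanage port command shown above. The module name myniftygame and the type myniftygame_port_t are my own choices; the port comes from the question. It assumes the checkmodule, semodule_package, semodule, semanage and ausearch tools are installed (checkpolicy, policycoreutils-python-utils and audit on Fedora) and that the policy-changing steps run as root; those steps only execute when the script is invoked with "apply". The semanage port -l excerpt embedded in it is constructed to mirror that command's layout so the lookup helper can be exercised offline. Whether the running server process is actually denied the bind depends on the domain it runs in, so the script also includes the audit query used to confirm an AVC denial before or after changing policy.

```shell
#!/bin/sh
# Added example, not from the original question: give a custom server its
# own SELinux port type and label a port with it, for the case where
# `semanage port --list` has no predefined type to reuse.
# Assumptions (only the port number comes from the question):
#   MODULE / PORT_TYPE - names chosen here; any unused name works
#   udp 12345          - the port from the question
# Policy-changing commands need root and only run with the "apply" argument.
set -eu

MODULE="myniftygame"
PORT_TYPE="${MODULE}_port_t"
PROTO="udp"
PORT="12345"

# 1. Policy source in the raw module language accepted by checkmodule(8),
#    so no selinux-policy-devel Makefile is needed. semanage only accepts a
#    type as a port label if it carries the 'port_type' attribute, hence the
#    require block and the typeattribute statement.
gen_te() {
  printf 'module %s 1.0;\n\n' "$1"
  printf 'require {\n    attribute port_type;\n}\n\n'
  printf 'type %s;\n' "$2"
  printf 'typeattribute %s port_type;\n' "$2"
}

# 2. Find which type currently covers PROTO/PORT in `semanage port -l` style
#    output (arg 1 = listing text, arg 2 = proto, arg 3 = port). Handles
#    "80, 81, 443" lists and "1024-32767" ranges; prints the first matching
#    type, or nothing if no entry covers the port.
lookup_port_type() {
  printf '%s\n' "$1" | awk -v proto="$2" -v port="$3" '
    $2 == proto {
      for (i = 3; i <= NF; i++) {
        p = $i; sub(/,$/, "", p)
        n = split(p, r, "-")
        lo = r[1] + 0; hi = (n == 2) ? r[2] + 0 : lo
        if (port >= lo && port <= hi) { print $1; exit }
      }
    }'
}

# Constructed excerpt of `semanage port -l` output for offline checks;
# on a real host, run the command itself to get the live table.
SAMPLE_LISTING='SELinux Port Type              Proto    Port Number

ephemeral_port_t               udp      32768-60999
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t                     tcp      22
unreserved_port_t              udp      1024-32767, 61000-65535'

# 3. Build the module, load it, and label the port. -a creates a fresh
#    mapping; if this exact port already has a specific mapping, semanage
#    needs -m (modify) instead.
apply_policy() {
  tmp=$(mktemp -d)
  gen_te "$MODULE" "$PORT_TYPE" > "$tmp/$MODULE.te"
  checkmodule -M -m -o "$tmp/$MODULE.mod" "$tmp/$MODULE.te"
  semodule_package -o "$tmp/$MODULE.pp" -m "$tmp/$MODULE.mod"
  semodule -i "$tmp/$MODULE.pp"
  semanage port -a -t "$PORT_TYPE" -p "$PROTO" "$PORT"
  rm -rf "$tmp"
  # Show the new mapping as semanage now reports it.
  semanage port -l | grep "^$PORT_TYPE"
}

# 4. Confirm that SELinux is really what blocks the bind: list recent AVC
#    denials for the server's process name (comm) before adding any rules.
show_denials() {
  ausearch -m avc -ts recent -c "$1"
}

case "${1:-}" in
  apply)   apply_policy ;;
  denials) show_denials "${2:-myNiftyGameServer}" ;;
  *)       lookup_port_type "$SAMPLE_LISTING" "$PROTO" "$PORT" ;;
esac
```

Run without arguments it only reports which type covers udp 12345 in the sample table (the generic unreserved_port_t, which is what an unlabelled high port normally falls under); `sudo sh script.sh apply` performs the module build and port labelling, and `sudo sh script.sh denials` shows whether the game server has been generating AVC denials at all. If the server is launched from an interactive shell it may run in an unconfined domain that SELinux already lets bind any port, which is exactly what the denials query tells you before you write more policy.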