I always move sshd to another port. To do this I first edit
/etc/ssh/sshd_config, then I install policycoreutils-python, and I add the
port with firewall-cmd. Finally I run:
semanage port -a -t ssh_port_t -p tcp nnnn
But I get the following messages:
[ 3361.125530] SELinux: Permission audit_read in class capability2 not defined in policy.
[ 3361.133774] SELinux: the above unknown classes and permissions will be allowed
[ 3361.335779] SELinux: Context unconfined_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid (unmapped).
[ 3363.158309] SELinux: Context system_u:system_r:vbetool_t:s0-s0:c0.c1023 became invalid (unmapped).
[ 3365.663049] SELinux: Context system_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid (unmapped).
[ 3366.457523] SELinux: Context unconfined_u:system_r:vbetool_t:s0-s0:c0.c1023 became invalid (unmapped).
But I restart sshd and check status:
systemctl restart sshd.service
systemctl -l status sshd.service
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Sun 2014-08-03 21:39:28 EDT; 34s ago
Main PID: 26262 (sshd)
CGroup: /system.slice/sshd.service
└─26262 /usr/sbin/sshd -D
Aug 03 21:39:28 cb2.htt-consult.com systemd[1]: Started OpenSSH server daemon.
Aug 03 21:39:28 cb2.htt-consult.com sshd[26262]: Server listening on 0.0.0.0 port nnnn.
Aug 03 21:39:28 cb2.htt-consult.com sshd[26262]: Server listening on :: port nnnn.
And I can ssh to port nnnn. So what's with those policy messages?
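
Added example, not part of the original post: a shell check that every port set in sshd_config carries the SELinux ssh_port_t label that the post assigns with semanage port -a. The function names, the sample data and port 2222 (standing in for the elided nnnn) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Sample data is constructed; 2222 stands in for the post's "nnnn".

# Print each Port value from sshd_config text on stdin (sshd's default 22 if none).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }'
}

# Print each tcp port or lo-hi range labelled ssh_port_t in `semanage port -l` text.
ssh_labeled_ports() {
    awk '$1 == "ssh_port_t" && $2 == "tcp" {
             for (i = 3; i <= NF; i++) { gsub(",", "", $i); print $i }
         }'
}

# Exit 0 if port $1 matches a single port or falls inside a range read from stdin.
port_is_labeled() {
    awk -v p="$1" '{
             n = split($0, r, "-")
             lo = r[1]; hi = (n == 2) ? r[2] : r[1]
             if (n > 0 && p + 0 >= lo + 0 && p + 0 <= hi + 0) ok = 1
         }
         END { exit (ok ? 0 : 1) }'
}

# $1 = sshd_config text, $2 = `semanage port -l` text. Non-zero if any port is unlabelled.
check_sshd_ports() {
    rc=0
    labeled=$(printf '%s\n' "$2" | ssh_labeled_ports)
    for port in $(printf '%s\n' "$1" | sshd_ports); do
        if printf '%s\n' "$labeled" | port_is_labeled "$port"; then
            echo "OK   tcp/$port is labelled ssh_port_t"
        else
            echo "FAIL tcp/$port needs: semanage port -a -t ssh_port_t -p tcp $port"
            rc=1
        fi
    done
    return "$rc"
}

SAMPLE_CONFIG='# constructed sshd_config excerpt
Port 2222
PermitRootLogin no'
SAMPLE_SEMANAGE='ssh_port_t                     tcp      2222, 22
http_port_t                    tcp      80, 443, 8008-8010'

check_sshd_ports "$SAMPLE_CONFIG" "$SAMPLE_SEMANAGE"
# Live use (as root): check_sshd_ports "$(cat /etc/ssh/sshd_config)" "$(semanage port -l)"
```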