Dnia 03/08/2006 08:56 PM, Użytkownik Stephen Smalley napisał:
semanage man page sucks a bit (no examples), so it took me few minutes
to construct this command:
semanage port -a -t ftp_port_t -p tcp 7777
Heh, I've found today this link →
http://fedoraproject.org/wiki/SELinux/FAQ/ProposedAdditions#head-b8a7b039fa3a44f1d20c4e5035992af02426709d
:-)
Policy (both FC4 and FC5) appear to allow ftpd to bind to generic ports
(port_t) outside of the reserved range plus the ftp data port and the
ftp service port.
I did not know that. I thought that policy blocks binding to any port
except ftp_port_t. (Yes, I did not read domains/program/ftpd.te :P )
Hmmm... would you be willing to explain me why ftpd is allowed to bind
to port_t? If it's done on purpose, why 1-1023 ports are so important
that they cannot be used without policy modification?
Did you mean 777 or 7777?
I used port 777 on FC4 and 7777 one on FC5 - I did not know that it
would make a difference.
Thanks for your help!
--
^_*
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
