Joshua Brindle wrote:
> Stephen Smalley wrote:
>> On Tue, 2008-09-30 at 08:41 -0400, Daniel J Walsh wrote:
>>> Arthur Pemberton wrote:
>>>> On Mon, Sep 29, 2008 at 3:40 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
>>>>> On Mon, 2008-09-29 at 15:31 -0500, Arthur Pemberton wrote:
>>>>>> I'm getting a denial when I attempt to use port 23 as an additional
>>>>>> port for sshd. That makes sense. What's the best way to define
>>>>>> alternate SSHd ports?
>>>>> semanage port -m -t ssh_port_t -p tcp 23
>>>>
>>>> When trying this, I get:
>>>> sealert -l 819f882a-3d08-41da-bc19-4168c9b8b4cb
>>>>
>>>> Even after doing that, I get this on `service sshd restart`:
>>>> sealert -l 82267d8b-d557-4891-bdb0-26e0feb1e986
>>>>
>>> Please send the output from that command, that number is only local to
>>> your machine.
>> Wondering if libsemanage does the right thing when the port already
>> exists in the base policy, as in this case. It should override the base
>> policy definition with the local one, but I'm not 100% sure it does.
>>
>
> There does appear to be a bug, after running:
> semanage port -m -t ssh_port_t -p tcp 8021
>
> I get:
>
> [root@misterfreeze ~]# seinfo --portcon=8021
> portcon tcp 8021 system_u:object_r:ssh_port_t:s0
> portcon tcp 8021 system_u:object_r:zope_port_t:s0
>
> I'm not sure when I'll be able to get to this, can you take a look first Dan?

Well, do you think this is a bug in semanage or sepol? I thought you used to get a denial when you tried to do this, saying you could not modify a named port.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
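
Added example, not part of the original thread or of any project's code: a shell check that reads `seinfo --portcon` style output and reports any protocol/port labelled with more than one context, as port 8021 is in the quoted output. The function names and the sample lines other than the two 8021 entries are assumptions made for illustration.

```shell
#!/bin/sh
# Report exact portcon duplicates: the same protocol and port (or port range)
# carrying more than one distinct SELinux context. Input is `seinfo --portcon`
# style text on stdin. Overlapping ranges (e.g. 22 inside 1-511) are normal
# and are deliberately not reported.
portcon_conflicts() {
    awk '
        $1 == "portcon" && NF >= 4 {
            key = $2 " " $3                  # e.g. "tcp 8021"
            if (!((key, $4) in seen)) {      # count each distinct context once
                seen[key, $4] = 1
                if (n[key]++ == 0)
                    ctx[key] = $4
                else
                    ctx[key] = ctx[key] " " $4
            }
        }
        END {
            for (k in n)
                if (n[k] > 1)
                    print k ": " ctx[k]
        }
    ' | sort
}

# Constructed sample input. The two 8021 lines are those quoted in the thread;
# the port 22 and 1-511 lines are made up to show entries that do not conflict.
sample_portcon() {
    cat <<'EOF'
portcon tcp 8021 system_u:object_r:ssh_port_t:s0
portcon tcp 8021 system_u:object_r:zope_port_t:s0
portcon tcp 22 system_u:object_r:ssh_port_t:s0
portcon tcp 1-511 system_u:object_r:reserved_port_t:s0
EOF
}

sample_portcon | portcon_conflicts
```

On a live system the same function can be fed with `seinfo --portcon | portcon_conflicts` after a `semanage port` change; empty output means no port carries two labels.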