On 01/29/2013 01:34 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/29/2013 01:19 PM, Steve Wilson wrote:
I'm migrating a CUPS print server from Ubuntu to RHEL6. Previously I had
CUPS configured to listen on port 80, 443 and 631. Now SELinux is
preventing CUPS from binding to ports 80 and 443. What would be the
recommended way to permit this in SELinux?
Thanks! Steve
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
I would just add a custom policy.
# grep cups /var/log/audit/audit.log | audit2allow -M mycups
# semodule -i mycups.pp
Another option would be change the labels on those ports to cups ports, but
this would break httpd if it was also looking to use those ports.
# semanage port -m -t cups_port_t -p tcp 80
Thanks for the prompt response. This is probably a very basic SELinux
question, but when CUPS is denied access to ports 80 and 443 there are
no corresponding log entries in audit.log. The CUPS error log shows:
E [29/Jan/2013:13:45:24 -0500] Unable to bind socket for address
128.210.18.165:80 - Permission denied.
E [29/Jan/2013:13:45:24 -0500] Unable to bind socket for address
128.210.18.165:443 - Permission denied.
And I don't get these CUPS messages when SELinux is in permissive mode.
Yes, auditd is running and I do see other messages in audit.log.
Any thoughts???
Thanks,
Steve
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
