On 01/29/2013 03:23 PM, Matthew Miller wrote:
On Tue, Jan 29, 2013 at 02:42:30PM -0500, Steve Wilson wrote:
Another option would be change the labels on those ports to cups ports, but
this would break httpd if it was also looking to use those ports.
# semanage port -m -t cups_port_t -p tcp 80
Given that replacing httpd with CUPS running their directly is the intended
use of the machine, that actually seems better -- if httpd breaks, *good*,
because it's not supposed to be there.
I think I'll go with this approach. Thanks for all the help!
I should add, though, that it might be even better to run httpd on ports
80/443 and proxy to the CUPS ports on localhost. This gives you an
additional level of control, and you don't have to change anything SELinux
related.
True, but it's also another service that's running and requires
configuration, etc. (even though very minimal...).
Steve
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
