On 09/16/2015 10:28 AM, Mario Rosic wrote:
> Hello,
>
> by default Apache is allowed to bind to Ports 80, 81, 443, 488, 8008,
> 8009, 8443, 9000. What if I want to further restrict that?
>
> I can't find a way of doing that with semanage port. "semanage port -d"
> only allows the deletion of additional ports that I assigned to
> http_port_t earlier, it does not remove Ports 80, 81, 443, 488, 8008,
> 8009, 8443, 9000 from http_port_t.

Yes, this is correct behaviour. We don't want to remove these default
definitions.

You can use something like

    semanage port -m -t ABC_port_t -p tcp 80

for example and change what is defined in the policy by default.

>
> Is it possible to do this with semanage or do I have to modify the
> policy code?
>
> Regards,
> Mario Rosic
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>

--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
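The reply's approach applied to every default port at once, as an added example that is not part of the original thread: a dry-run helper that reads `semanage port -l` output and prints one `semanage port -m` command for each http_port_t port outside an allowlist. The function names and the sample listing are constructed for illustration, and ABC_port_t is the placeholder from the reply, which must be replaced with a port type that exists in the loaded policy.

```shell
#!/bin/sh
# Constructed sample of `semanage port -l` output. The http_port_t ports
# are the defaults listed in the thread; the other rows are illustrative.
SAMPLE_PORT_LIST='SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      8080, 8118
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t                     tcp      22'

# plan_port_moves TYPE PROTO NEW_TYPE "KEEP PORTS"   (hypothetical helper)
# Reads `semanage port -l` output on stdin and prints, without running them,
# one `semanage port -m` command per port of TYPE/PROTO not listed in KEEP.
# Port ranges (e.g. 10001-10010) are compared and emitted as whole tokens.
plan_port_moves() {
    awk -v type="$1" -v proto="$2" -v new="$3" -v keep="$4" '
        BEGIN {
            n = split(keep, k, " ")
            for (i = 1; i <= n; i++) allowed[k[i]] = 1
        }
        # Exact match on the type column, so http_cache_port_t is not touched.
        $1 == type && $2 == proto {
            for (i = 3; i <= NF; i++) {
                port = $i
                sub(/,$/, "", port)          # strip the list separator
                if (!(port in allowed))
                    printf "semanage port -m -t %s -p %s %s\n", new, proto, port
            }
        }'
}

# Dry run over the constructed sample: keep only 80 and 443 in http_port_t.
# On a real host, pipe `semanage port -l` in instead and review the plan
# before running any of the printed commands as root.
demo() {
    printf '%s\n' "$SAMPLE_PORT_LIST" |
        plan_port_moves http_port_t tcp ABC_port_t "80 443"
}

demo
```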