Re: Prevent Apache from binding to port 80

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/16/2015 10:28 AM, Mario Rosic wrote:
> Hello,
> 
> by default Apache is allowed to bind to Ports 80, 81, 443, 488, 8008,
> 8009, 8443, 9000. What if I want to further restrict that?
> 
> I can't find a way of doing that with semanage port. "semanage port -d"
> only allows the deletion of additional ports that I assigned to
> http_port_t earlier, it does not remove Ports 80, 81, 443, 488, 8008,
> 8009, 8443, 9000 from http_port_t.

Yes, this is a correct behaviour. We don't want to remove this default
definitions.

You can use something like

semanage port -m -t ABC_port_t -p tcp 80

for example and change what is defined in the policy by default.

> 
> Is it possible to do this with semanage or do I have to modify the
> policy code?
> 
> Regards,
> Mario Rosic
> 
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 


-- 
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux