Gents, We're building a policy for JBoss. Jboss uses atleast port 8080 and 8083. Besides this, the application we use on JBoss also opens port 8443 (https) While building the jboss-module we ofcourse want to claim these ports and patch corenetwork. However, this is where our problem arises; HTTP has claimed some of the ports we need and http-cache has claimed 8080 allready. But http and http-cache allow to open more ports (80, 443, 488, 8008, 8009) than we really need. We think this is against the SElinux policy of least privilege. So how do we deal with these kinds of port conflicts? Maybe corenetwork isn't the best place to define unreserved (> 1024) ports? Cheers, Bart -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
