hello,
i'm working on a tutorial for selinux. in this tutorial i use nc
(netcat) as simple server. but i wonder, why nc -l 5555** (nc runs in
a own domain) does not need the name_bind permission to bind a port.
i already asked here regarding to this, but nobody has answered.
can someone tell me how name_bind,bind and node_bind work and where
the differences are?
i tried this with socat (http://www.dest-unreach.org/socat/) too.
same effect. both socat and nc "never"* need name_bind.
is it possible that this pb is relying on how nc and socat work?
tnx in advance && if you need further information, please let me
know ...
--
Sebastian Pfaff
* funny is, if i implement a boolean which allows nc or socat to use
any port or only a speficic port, then i can see a name_bind "entry"
when in permissive mode in my avc log. but i can't reproduce it.
maybe this is another problem.
** same with echo "hello world" | socat - TCP-LISTEN:
33331,bind=127.0.0.1
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
