On Tue, Jul 27, 2010 at 10:31:31AM -0400, David P. Quigley wrote:
> On Mon, 2010-07-26 at 16:48 -0400, Ralph Blach wrote:
> > Good afternoon,
> > I happen to be a novice at selinux and wish to be more familiar with it.
> >
> > This worked before but it does not work now.
> >
> > I wish to put ssh on port 443.
> >
> > Before I used the commands
> >
> > semanage port -d -t http_port_t -p tcp 443
> > semanage port -a -t sshd_port_t -p tcp 443
> >
> > and these worked perfectly.
> >
> > Now I get the error
> >
> > semanage port -d -t http_port_t -p tcp 443
> > /usr/sbin/semanage: Port tcp/443 is defined in policy, cannot be deleted
> > [root@chipblach ~]#
> >
> > How do I get around this and get semanage to function?
> >
> > What is a defined policy and how do I edit it?
> >
> > Thanks
> >
>
> What I did was semanage port -m -t ssh_port_t -p tcp 443 and it added
> 443 to the list of ports for ssh_port_t. The issue is that 443 is still
> listed under the ports for http_port_t as well. If I remember correctly
> it should take the last change made as the label for the port. So even
> though it says 443 for http_port_t it will match the entry for
> ssh_port_t.

I do not think it works like that but I could be wrong. tcp 443 is defined in policy for httpd_t. What you could do is use audit2allow to allow sshd to interact with http_port_t instead.

>
> Dave
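
An added example, not part of the original thread: a shell helper that parses `semanage port -l` output and reports every port type that lists a given port, which is the check behind the observation above that 443 shows up under both types. The sample listing is constructed, and the function names and the `-a`/`-m` choice (use `-m` once any entry already covers the port, as reported in the thread) are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `semanage port -l`
# (not output from the poster's system); it mirrors the state described
# in the thread after `semanage port -m -t ssh_port_t -p tcp 443`.
sample_port_list() {
cat <<'EOF'
SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t                     tcp      22, 443
syslogd_port_t                 udp      514
EOF
}

# port_types PROTO PORT: read a `semanage port -l` listing on stdin and
# print each port type whose entry covers PROTO/PORT, ranges included.
port_types() {
    awk -v proto="$1" -v port="$2" '
        NF >= 3 && $2 == proto {
            for (i = 3; i <= NF; i++) {
                item = $i
                sub(/,$/, "", item)              # strip the list separator
                m = split(item, r, "-")          # "lo-hi" or a single port
                lo = r[1] + 0
                hi = (m == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# semanage_action PROTO PORT TYPE: print the command to try next.
# Assumption of this example: -a is for a port no entry covers yet;
# when another type already lists the port, use -m as in the thread.
semanage_action() {
    types=$(port_types "$1" "$2")
    if [ -z "$types" ]; then
        echo "semanage port -a -t $3 -p $1 $2"
    elif printf '%s\n' "$types" | grep -qxF "$3"; then
        echo "$1/$2 already lists $3"
    else
        echo "semanage port -m -t $3 -p $1 $2"
    fi
}

# On a live system, pipe `semanage port -l` in place of sample_port_list.
sample_port_list | port_types tcp 443
```

A port reported under more than one type, as tcp/443 is here, is exactly the case the two posters disagree about, so confirm the effective label by testing the service rather than by reading the list alone.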