Re: RFC: https://bugzilla.redhat.com/show_bug.cgi?id=1174405

Ports in the local port range can be auto-assigned by the kernel to
unbound sockets on first use.  So it makes no sense to control them,
and there isn't even an LSM hook in the place where such auto-port
selection occurs.  Controlling binding to ports is only useful when
the port number is a "name" (i.e. a well-defined value that is
expected to correspond to a specific service), to prevent spoofing of
security-relevant services like sshd.

On Fri, Jan 9, 2015 at 4:05 PM, Dominick Grift <dac.override@xxxxxxxxx> wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1174405
>
> This is an inconsistency in SELinux
>
>
>
> _______________________________________________
> Selinux mailing list
> Selinux@xxxxxxxxxxxxx
> To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
> To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.