Signed-off-by: Dominick Grift <dominick.grift@xxxxxxxxxxx> --- v2: rephrases the whole things src/network_support.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/network_support.md b/src/network_support.md index bec725e..a8fe234 100644 --- a/src/network_support.md +++ b/src/network_support.md @@ -668,6 +668,14 @@ statements): semanage port -a -t my_server_port_t -p tcp -r s0 12345 ``` +Only ports that fall outside the local, or ephemeral, port range are +subject to the additional *name_bind* access check. You can see the +current ephemeral port range on your system by checking the +*net.ipv4.ip_local_port_range* sysctl: +``` +sysctl net.ipv4.ip_local_port_range +``` + ## Labeled Network FileSystem (NFS) Version 4.2 of NFS supports labeling between client/server and requires -- 2.36.1
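Review bot: The added paragraph before "## Labeled Network FileSystem (NFS)" states that only ports outside the local port range get the *name_bind* check, but it does not spell out what that means for the `semanage port -a -t my_server_port_t ...` example directly above it. A port type assigned to a port that lies inside the range shown by `sysctl net.ipv4.ip_local_port_range` would not be checked for *name_bind*. Because the range is a sysctl, the set of ports covered by the check also differs per system. I would add one sentence saying so, so that readers pick a port outside the range when they rely on this check. Minor: the opening fence follows the line ending in "sysctl:" with no blank line between them; a blank added line there would keep the block rendering consistently.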