As you may note from my other selinux message post, these are messages that are just there in selinux, having nothing, much, to do with running semanage. They indicate a potential issue that since semanage is making one change, there are some 'outstanding problems'?
On 12/21/2015 04:04 PM, Robert Moskowitz wrote:
So one of the first things I do on a new system is to move SSHD to a different port. The semanage command is now well documented in the config file:
# semanage port -a -t ssh_port_t -p tcp 1234
That is not the port I use, but the port number is not important. I get the following messages. Note that on my Fedora notebooks and Fedora23-arm builds I do not get these messages with the same command:
[ 2764.233201] SELinux: Class netlink_iscsi_socket not defined in policy.
[ 2764.240183] SELinux: Class netlink_fib_lookup_socket not defined in policy.
[ 2764.247573] SELinux: Class netlink_connector_socket not defined in policy.
[ 2764.254900] SELinux: Class netlink_netfilter_socket not defined in policy.
[ 2764.262239] SELinux: Class netlink_generic_socket not defined in policy.
[ 2764.269398] SELinux: Class netlink_scsitransport_socket not defined in policy.
[ 2764.277027] SELinux: Class netlink_rdma_socket not defined in policy.
[ 2764.283880] SELinux: Class netlink_crypto_socket not defined in policy.
[ 2764.290990] SELinux: Permission audit_read in class capability2 not defined in policy.
[ 2764.299367] SELinux: Class binder not defined in policy.
[ 2764.305053] SELinux: the above unknown classes and permissions will be allowed
The semanage command seems to have worked, as I can connect to sshd on the port I moved it to.
I don't know if this constitutes a bug to file a bug report or not. I did this on the serial console and maybe that is why I am seeing these messages. But I do it on the serial console port with F23-arm and don't get these messages.
Arm-dev mailing list Arm-dev@centos.org https://lists.centos.org/mailman/listinfo/arm-dev
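Added example, not part of the original thread: a small Python parser for the kernel messages quoted above. It lists the classes and permissions the running kernel knows but the loaded policy does not define, and reports whether they are being allowed, which means the policy is not mediating them. The function names are hypothetical and the sample input is constructed from four of the quoted lines.

```python
import re

# Constructed sample: four of the kernel lines quoted in the post.
SAMPLE = """\
[ 2764.233201] SELinux: Class netlink_iscsi_socket not defined in policy.
[ 2764.290990] SELinux: Permission audit_read in class capability2 not defined in policy.
[ 2764.299367] SELinux: Class binder not defined in policy.
[ 2764.305053] SELinux: the above unknown classes and permissions will be allowed
"""

CLASS_RE = re.compile(r"SELinux:\s+Class (\S+) not defined in policy")
PERM_RE = re.compile(r"SELinux:\s+Permission (\S+) in class (\S+) not defined in policy")
UNKNOWN_RE = re.compile(r"SELinux:\s+the above unknown classes and permissions will be (\w+)")


def summarize(log_text):
    """Collect what the kernel defines but the loaded policy lacks."""
    result = {"classes": [], "permissions": [], "handling": None}
    for line in log_text.splitlines():
        if m := PERM_RE.search(line):
            # Stored as (class, permission) to match SELinux "class:perm" notation.
            result["permissions"].append((m.group(2), m.group(1)))
        elif m := CLASS_RE.search(line):
            result["classes"].append(m.group(1))
        elif m := UNKNOWN_RE.search(line):
            # The kernel reports how unknown items are treated ("allowed" here).
            result["handling"] = m.group(1)
    return result


def unmediated(summary):
    """Items the policy does not control; empty unless unknowns are allowed."""
    if summary["handling"] != "allowed":
        return []
    return summary["classes"] + [f"{c}:{p}" for c, p in summary["permissions"]]


if __name__ == "__main__":
    s = summarize(SAMPLE)
    print("unknown handling:", s["handling"])
    for item in unmediated(s):
        print("not mediated by policy:", item)
```

Feeding it the output of `dmesg` after a policy load (which is what `semanage port -a` triggers) gives a quick view of how far the installed policy lags behind the running kernel.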