So one of the first things I do on a new system is to move SSHD to a different port. The semanage command is now well documented in the config file:
# semanage port -a -t ssh_port_t -p tcp 1234
That is not the port I use, but the port number is not important. I get the following messages. Note that on my Fedora notebooks and Fedora23-arm builds I do not get these messages with the same command:
[ 2764.233201] SELinux: Class netlink_iscsi_socket not defined in policy.
[ 2764.240183] SELinux: Class netlink_fib_lookup_socket not defined in policy.
[ 2764.247573] SELinux: Class netlink_connector_socket not defined in policy.
[ 2764.254900] SELinux: Class netlink_netfilter_socket not defined in policy.
[ 2764.262239] SELinux: Class netlink_generic_socket not defined in policy.
[ 2764.269398] SELinux: Class netlink_scsitransport_socket not defined in policy.
[ 2764.277027] SELinux: Class netlink_rdma_socket not defined in policy.
[ 2764.283880] SELinux: Class netlink_crypto_socket not defined in policy.
[ 2764.290990] SELinux: Permission audit_read in class capability2 not defined in policy.
[ 2764.299367] SELinux: Class binder not defined in policy.
[ 2764.305053] SELinux: the above unknown classes and permissions will be allowed
The semanage command seems to have worked, as I can connect to sshd on the port I moved it to.
I don't know if this constitutes a bug to file a bug report or not. I did this on the serial console and maybe that is why I am seeing these messages. But I do it on the serial console port with F23-arm and don't get these messages.
As you may note from my other SELinux message post, these are messages that are just there in SELinux, having nothing much to do with running semanage. They indicate a potential issue, that since semanage is making one change, there are some 'outstanding problems'?
On 12/21/2015 04:04 PM, Robert Moskowitz wrote:
So one of the first things I do on a new system is to move SSHD to a different port. The semanage command is now well documented in the config file:
# semanage port -a -t ssh_port_t -p tcp 1234
That is not the port I use, but the port number is not important. I get the following messages. Note that on my Fedora notebooks and Fedora23-arm builds I do not get these messages with the same command:
[ 2764.233201] SELinux: Class netlink_iscsi_socket not defined in policy.
[ 2764.240183] SELinux: Class netlink_fib_lookup_socket not defined in policy.
[ 2764.247573] SELinux: Class netlink_connector_socket not defined in policy.
[ 2764.254900] SELinux: Class netlink_netfilter_socket not defined in policy.
[ 2764.262239] SELinux: Class netlink_generic_socket not defined in policy.
[ 2764.269398] SELinux: Class netlink_scsitransport_socket not defined in policy.
[ 2764.277027] SELinux: Class netlink_rdma_socket not defined in policy.
[ 2764.283880] SELinux: Class netlink_crypto_socket not defined in policy.
[ 2764.290990] SELinux: Permission audit_read in class capability2 not defined in policy.
[ 2764.299367] SELinux: Class binder not defined in policy.
[ 2764.305053] SELinux: the above unknown classes and permissions will be allowed
The semanage command seems to have worked, as I can connect to sshd on the port I moved it to.
I don't know if this constitutes a bug to file a bug report or not. I did this on the serial console and maybe that is why I am seeing these messages. But I do it on the serial console port with F23-arm and don't get these messages.
Arm-dev mailing list Arm-dev@centos.org https://lists.centos.org/mailman/listinfo/arm-dev
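
Added example, not part of the original posts: a shell function that reads kernel log lines in the format quoted in the thread, lists the classes and permissions the loaded policy does not define, and reports whether the kernel says they will be allowed. The function names and the sample input (constructed from lines quoted above) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux "not defined in policy" kernel messages.
# Input: kernel log text on stdin, one message per line (for example the
# output of dmesg). Output: one line per unknown class or permission, then
# a summary line with the disposition the kernel reported.

selinux_unknown_summary() {
    awk '
        /SELinux: Class [^ ]+ not defined in policy/ {
            # The class name is the token following "Class".
            for (i = 1; i < NF; i++)
                if ($i == "Class") print "class " $(i + 1)
            nclass++
        }
        /SELinux: Permission [^ ]+ in class [^ ]+ not defined in policy/ {
            # Tokens: Permission <perm> in class <class>
            for (i = 1; i < NF; i++)
                if ($i == "Permission")
                    print "permission " $(i + 4) ":" $(i + 1)
            nperm++
        }
        /SELinux: the above unknown classes and permissions will be/ {
            # Last word is the disposition ("allowed" in the thread).
            action = $NF
        }
        END {
            if (action == "") action = "unreported"
            printf "summary classes=%d permissions=%d unknown=%s\n",
                   nclass, nperm, action
        }
    '
}

# Constructed sample: a subset of the messages quoted in the thread.
sample_log() {
    cat <<'EOF'
[ 2764.233201] SELinux: Class netlink_iscsi_socket not defined in policy.
[ 2764.290990] SELinux: Permission audit_read in class capability2 not defined in policy.
[ 2764.299367] SELinux: Class binder not defined in policy.
[ 2764.305053] SELinux: the above unknown classes and permissions will be allowed
EOF
}

sample_log | selinux_unknown_summary
```

On a live system the same function can be fed with `dmesg | selinux_unknown_summary`; a summary ending in `unknown=allowed` means the kernel is not enforcing policy on the listed classes and permissions.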