File a bug!!!
On 2 April 2015 at 16:20, James B. Byrne byrnejb@harte-lyne.ca wrote:
> On Wed, April 1, 2015 16:09, Andrew Holway wrote:
>> I used the command: semanage port -m -t http_port_t -p tcp 8000 to relabel a port. Perhaps you could try: "semanage port -m -t unconfined_t -p tcp 8000" Failing that; would it work to run your application in the httpd_t domain?
>
> I ended up having to create a custom policy to allow the other application to have access to the http_port_t context. Which is not an issue given that no httpd service is, or will ever be, installed on that host.
>
> However, it seems a rather dangerous hole in the logical design of SELinux that one cannot explicitly remove and reassign contexts to ports. In order to accomplish this on a system running httpd but attached to non-standard ports one perforce is required to cross link permissions between all of the affected processes. Which I cannot conceive as a security enhancement.
>
> --
> *** E-Mail is NOT a SECURE channel ***
> James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
> Harte & Lyne Limited http://www.harte-lyne.ca
> 9 Brockley Drive vox: +1 905 561 1241
> Hamilton, Ontario fax: +1 905 561 0757
> Canada L8E 3C3