[Arm-dev] Solved kind of - Re: semanage messages with selinux enforced

Robert Moskowitz rgm at htt-consult.com
Tue Dec 22 16:49:11 UTC 2015


As you may note from my other selinux message post, these are messages 
that are just there in selinux, having nothing, much, to do with running 
semanage.  They indicate a potential issue that since semanage is making 
one change, there are some 'outstanding problems'?

On 12/21/2015 04:04 PM, Robert Moskowitz wrote:
> So one of the first things I do on a new system is to move SSHD to a 
> different port.  The semanage command is now well documented in the 
> config file:
>
> # semanage port -a -t ssh_port_t -p tcp 1234
>
> That is not the port I use, but the port number is not important. I 
> get the following messages.  Note that on my Fedora notebooks and 
> Fedora23-arm builds I do not get these messages with the same command:
>
> [ 2764.233201] SELinux:  Class netlink_iscsi_socket not defined in policy.
> [ 2764.240183] SELinux:  Class netlink_fib_lookup_socket not defined in policy.
> [ 2764.247573] SELinux:  Class netlink_connector_socket not defined in policy.
> [ 2764.254900] SELinux:  Class netlink_netfilter_socket not defined in policy.
> [ 2764.262239] SELinux:  Class netlink_generic_socket not defined in policy.
> [ 2764.269398] SELinux:  Class netlink_scsitransport_socket not defined in policy.
> [ 2764.277027] SELinux:  Class netlink_rdma_socket not defined in policy.
> [ 2764.283880] SELinux:  Class netlink_crypto_socket not defined in policy.
> [ 2764.290990] SELinux:  Permission audit_read in class capability2 not defined in policy.
> [ 2764.299367] SELinux:  Class binder not defined in policy.
> [ 2764.305053] SELinux: the above unknown classes and permissions will be allowed
>
> The semanage command seems to have worked, as I can connect to sshd on 
> the port I moved it to.
>
> I don't know if this constitutes a bug to file a bug report or not. I 
> did this on the serial console and maybe that is why I am seeing these 
> messages.  But I do it on the serial console port with F23-arm and 
> don't get these messages.


