[Arm-dev] semanage messages with selinux enforced

Mon Dec 21 21:04:34 UTC 2015
Robert Moskowitz <rgm at htt-consult.com>

So one of the first things I do on a new system is to move SSHD to a 
different port.  The semanage command is now well documented in the 
config file:

# semanage port -a -t ssh_port_t -p tcp 1234

That is not the port I use, but the port number is not important.  I get 
the following messages.  Note that on my Fedora notebooks and 
Fedora23-arm builds I do not get these messages with the same command:

[ 2764.233201] SELinux:  Class netlink_iscsi_socket not defined in policy.
[ 2764.240183] SELinux:  Class netlink_fib_lookup_socket not defined in policy.
[ 2764.247573] SELinux:  Class netlink_connector_socket not defined in policy.
[ 2764.254900] SELinux:  Class netlink_netfilter_socket not defined in policy.
[ 2764.262239] SELinux:  Class netlink_generic_socket not defined in policy.
[ 2764.269398] SELinux:  Class netlink_scsitransport_socket not defined in policy.
[ 2764.277027] SELinux:  Class netlink_rdma_socket not defined in policy.
[ 2764.283880] SELinux:  Class netlink_crypto_socket not defined in policy.
[ 2764.290990] SELinux:  Permission audit_read in class capability2 not defined in policy.
[ 2764.299367] SELinux:  Class binder not defined in policy.
[ 2764.305053] SELinux: the above unknown classes and permissions will be allowed

The semanage command seems to have worked, as I can connect to sshd on 
the port I moved it to.

I don't know if this constitutes a bug to file a bug report or not. I 
did this on the serial console and maybe that is why I am seeing these 
messages.  But I do it on the serial console port with F23-arm and don't 
get these messages.