[CentOS] SEmodule dependency hell.

Thu Apr 2 14:20:56 UTC 2015
James B. Byrne <byrnejb at harte-lyne.ca>

On Wed, April 1, 2015 16:09, Andrew Holway wrote:
> I used the command: semanage port -m -t http_port_t -p tcp 8000
> to relabel a port. perhaps you could try:
> "semanage port -m -t unconfined_t -p tcp 8000"
> Failing that; would it work to run your application in the httpd_t
> domain?
>

I ended up having to create a custom policy to allow the other
application to have access to the http_port_t context, which is not
an issue given that no httpd service is, or will ever be, installed on
that host.

However, it seems a rather dangerous hole in the logical design of
SELinux that one cannot explicitly remove and reassign contexts to
ports.  In order to accomplish this on a system running httpd but
attached to non-standard ports, one perforce is required to cross-link
permissions between all of the affected processes, which I cannot
conceive as a security enhancement.


-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
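
An added example, not from the original thread, of the kind of custom
policy module described above: a minimal .te module that lets a
confined domain bind to a port labelled http_port_t.  The domain name
myapp_t is a placeholder for the other application's domain, which the
post does not name; check the real one with `ps -eZ`.

```selinux
# Added example, not from the original thread: a minimal policy module
# that lets a confined domain bind a TCP socket to a port labelled
# http_port_t.  "myapp_t" is a placeholder for the real domain of the
# application (find it with: ps -eZ | grep <process name>).
module myapp_http_port 1.0;

require {
    type myapp_t;
    type http_port_t;
    class tcp_socket name_bind;
}

# Binding a listening socket to a port is checked as tcp_socket:name_bind
# against the port's type.  Nothing here touches httpd_t; only myapp_t
# gains the ability to bind http_port_t-labelled ports.
allow myapp_t http_port_t:tcp_socket name_bind;
```

Save it as myapp_http_port.te and build and load it with
`checkmodule -M -m -o myapp_http_port.mod myapp_http_port.te`,
`semodule_package -o myapp_http_port.pp -m myapp_http_port.mod` and
`semodule -i myapp_http_port.pp`; `sesearch -A -s myapp_t -t http_port_t -c tcp_socket`
then shows the new rule, and `audit2allow -M` generates the same shape
of module from the AVC denials in the audit log.  The alternative that
the thread discusses is to change the port's type instead of the
domain's rights: `semanage port -m -t <type> -p tcp 8000`.  A port that
the base policy already labels cannot be removed with `semanage port -d`,
only re-typed with `-m`, and re-typing it affects every domain that is
allowed the old type, which is the cross-linking the post objects to.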