File a bug!!! On 2 April 2015 at 16:20, James B. Byrne <byrnejb at harte-lyne.ca> wrote: > > On Wed, April 1, 2015 16:09, Andrew Holway wrote: > > I used the command: semanage port -m -t http_port_t -p tcp 8000 > > to relabel a port. perhaps you could try: > > "semanage port -m -t unconfined_t -p tcp 8000" > > Failing that; would it work to run your application in the httpd_t > > domain? > > > > I ended up having to create a custom policy to allow the other > application to have access to the http_port_t context. Which is not > an issue given that no httpd service is, or will ever be, installed on > that host. > > However, it seems a rather dangerous hole in the logical design of > SELinux that one cannot explicitly remove and reassign contexts to > ports. In order to accomplish this on a system running httpd but > attached to non-standard ports one perforce is required to cross link > permissions between all of the affected processes. Which I cannot > conceive as a security enhancement. > > > -- > *** E-Mail is NOT a SECURE channel *** > James B. Byrne mailto:ByrneJB at Harte-Lyne.ca > Harte & Lyne Limited http://www.harte-lyne.ca > 9 Brockley Drive vox: +1 905 561 1241 > Hamilton, Ontario fax: +1 905 561 0757 > Canada L8E 3C3 > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >