No AVC when using non-standard SSH port
Dominick Grift
domg472 at gmail.com
Sat Dec 26 11:27:28 UTC 2009
On Fri, Dec 25, 2009 at 11:40:23PM -0400, Jorge Fábregas wrote:
> Hello everyone,
>
> I'm using Fedora 12 and was wondering why, If I I run my sshd on a non-
> standard port...why don't SELinux registers an access violation?
>
> I see that "ssh_port_t" is there (attached to port 22) ... Is this not
> implemented yet for SSHD?
Hi,
Good question. It seems that the policy maintainer decided to allow sshd_t to all unreserved ports.
corenet_tcp_bind_all_unreserved_ports($1_t) in ssh_server_template services/ssh.if
I dont know why and i rather not allow it to bind to all unreserved port by default either,
>
> Thanks,
> Jorge
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20091226/ed04535e/attachment.sig>
More information about the fedora-selinux-list
mailing list