Allowing CUPS to use http ports 80 and 443
Steve Wilson
stevew at purdue.edu
Tue Jan 29 20:30:05 UTC 2013
On 01/29/2013 03:23 PM, Matthew Miller wrote:
> On Tue, Jan 29, 2013 at 02:42:30PM -0500, Steve Wilson wrote:
>>>> Another option would be change the labels on those ports to cups ports, but
>>>> this would break httpd if it was also looking to use those ports.
>>>> # semanage port -m -t cups_port_t -p tcp 80
>>> Given that replacing httpd with CUPS running their directly is the intended
>>> use of the machine, that actually seems better -- if httpd breaks, *good*,
>>> because it's not supposed to be there.
>> I think I'll go with this approach. Thanks for all the help!
> I should add, though, that it might be even better to run httpd on ports
> 80/443 and proxy to the CUPS ports on localhost. This gives you an
> additional level of control, and you don't have to change anything SELinux
> related.
>
>
True, but it's also another service that's running and requires
configuration, etc. (even though very minimal...).
Steve
More information about the selinux
mailing list