dhcpd_t needs efs_port_t:socket name_bind
Shintaro Fujiwara
shintaro.fujiwara at gmail.com
Sat Jan 3 13:14:14 UTC 2015
Yes, I changed it arbitarily in dhcpd.conf.
Thanks for your lecture and helps me a lot.
Then if I set port 67,68 no SELinux error?
I will check.
Thanks!
2015-01-03 21:51 GMT+09:00 Daniel J Walsh <dwalsh at redhat.com>:
>
> On 12/28/2014 09:47 AM, Shintaro Fujiwara wrote:
> >
> > type=AVC msg=audit(1419777402.148:425): avc: denied { name_bind }
> > for pid=2751 comm="dhcpd" src=520
> > scontext=system_u:system_r:dhcpd_t:s0
> > tcontext=system_u:object_r:efs_port_t:s0 tclass=tcp_socket permissive=0
> This looks like you have changed the port that dhcpd listens on. Port 520.
>
>
> You could change the definition of these ports.
>
> semanage port -m -t dhcpd_port_t -p tcp 520
>
> Then it will be allowed.
>
--
日本にヘヴィメタル・ハードロックを根付かせるページ
http://heavymetalhardrock.no-ip.info/
世界中でセキュアOSのSELinuxを使いやすくするフリーソフト
http://sourceforge.net/projects/segatex/
CMS(PHPとPostgreSQLを使ったフリーソフト)
http://sourceforge.net/projects/webon/
https://github.com/intrajp/irforum_jp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20150103/64e3832c/attachment.html>
More information about the selinux
mailing list