On Tue, 2008-09-30 at 08:41 -0400, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Arthur Pemberton wrote:
> On Mon, Sep 29, 2008 at 3:40 PM, Stephen Smalley <sds(a)tycho.nsa.gov> wrote:
>> On Mon, 2008-09-29 at 15:31 -0500, Arthur Pemberton wrote:
>>> I'm getting an denial when I attempt o use port 23 as an additional
>>> port for sshd. That makes sense. What's the best way to define
>>> alternate SSHd ports?
>> semanage port -m -t ssh_port_t -p tcp 23
>
>
>
> When trying this, I get:
> sealert -l 819f882a-3d08-41da-bc19-4168c9b8b4cb
>
> Even after doing that, I get this on `service sshd restart`:
> sealert -l 82267d8b-d557-4891-bdb0-26e0feb1e986
>
>
Please send the output from that command, that number is only local to
your machine.
Wondering if libsemanage does the right thing when the port already
exists in the base policy, as in this case. It should override the base
policy definition with the local one, but I'm not 100% sure it does.
--
Stephen Smalley
National Security Agency