On 09/16/2015 10:28 AM, Mario Rosic wrote:
> Hello,
> by default Apache is allowed to bind to Ports 80, 81, 443, 488, 8008,
> 8009, 8443, 9000. What if I want to further restrict that?
> I can't find a way of doing that with semanage port. "semanage port -d"
> only allows the deletion of additional ports that I assigned to
> http_port_t earlier, it does not remove Ports 80, 81, 443, 488, 8008,
> 8009, 8443, 9000 from http_port_t.

Yes, this is correct behaviour. We don't want to remove these default
definitions.
You can use something like

    semanage port -m -t ABC_port_t -p tcp 80

for example and change what is defined in the policy by default.

> Is it possible to do this with semanage or do I have to modify the
> policy code?
> Regards,
> Mario Rosic
--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
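
The approach from the reply above, applied to every default http_port_t port outside an allow-list, as an added example that is not part of the original messages. The function names and the sample listing are constructed for illustration, ABC_port_t is the placeholder type from the reply, and the function only prints the commands so they can be reviewed before anything is changed.

```shell
#!/bin/sh
# plan_port_moves TYPE REPLACEMENT_TYPE "PORTS TO KEEP"
# Reads `semanage port -l` style output on stdin and prints one
# `semanage port -m` command for each tcp port (or port range) that is
# labelled TYPE and is not in the keep list. Nothing is executed.
plan_port_moves() {
    awk -v type="$1" -v repl="$2" -v keep="$3" '
        BEGIN {
            n = split(keep, k, " ")
            for (i = 1; i <= n; i++) allowed[k[i]] = 1
        }
        $1 == type && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                port = $i
                sub(/,$/, "", port)          # strip the list separator
                if (!(port in allowed))
                    printf "semanage port -m -t %s -p tcp %s\n", repl, port
            }
        }'
}

# Constructed sample in the layout printed by `semanage port -l`.
# On a real host, pipe the live listing in instead:
#   semanage port -l | plan_port_moves http_port_t ABC_port_t "80 443"
sample_listing() {
    cat <<'EOF'
SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t                     tcp      22
EOF
}

# Dry run: keep 80 and 443 for httpd, relabel the remaining defaults.
# ABC_port_t is the placeholder from the reply; substitute a port type
# that exists in the loaded policy.
sample_listing | plan_port_moves http_port_t ABC_port_t "80 443"
```

After applying the printed commands, `semanage port -l -C` lists the resulting local customizations.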