I am running into an issue using a 2fa binary through a squid proxy. I am writing the
SELinux policy for the 2fa binary, but when I attempt to access the system via ssh I
am seeing the following AVC:
type=AVC msg=audit(1564694436.236:1003): avc: denied { name_connect } for pid=30620
comm="starling" dest=3128 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023
tcontext=system_u:object_r:squid_port_t:s0 tclass=tcp_socket permissive=0
The following will fix it for the squid proxy:
corenet_tcp_connect_squid_port(sshd_t)
But what if tomorrow I decide to use a different proxy that uses a different port? What
is the correct way to set this up so that, regardless of what proxy is being used on
whatever port, I don't have to update my policy every time?
Thanks,
Jayson
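
The denial quoted above, taken apart field by field, as an added example that is not part of the original post: it shows that the check is made against the port's type label (squid_port_t), with dest=3128 only reported alongside it, and that the interface in the post corresponds to a single allow rule. The function names are hypothetical, and the interface name is derived from the reference policy's corenet_tcp_connect_<name>_port naming convention, which is an assumption for any port type other than the one shown.

```python
import re

# The AVC record from the post, re-joined onto one line as auditd writes it.
AVC = ('type=AVC msg=audit(1564694436.236:1003): avc: denied { name_connect } for pid=30620 '
       'comm="starling" dest=3128 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:squid_port_t:s0 tclass=tcp_socket permissive=0')

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')


def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'result': m.group('result'), 'perms': m.group('perms').split()}
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('rest')):
        rec[key] = value.strip('"')
    if 'scontext' not in rec or 'tcontext' not in rec or 'tclass' not in rec:
        return None
    # A context is user:role:type:level; only the level may contain further colons.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec


def allow_rule(rec):
    """Raw type-enforcement rule that would permit exactly what was denied."""
    perms = rec['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow %s %s:%s %s;' % (rec['source_type'], rec['target_type'],
                                   rec['tclass'], perm_text)


def corenet_interface(rec):
    """Interface call for a TCP name_connect denial on a *_port_t type (naming convention)."""
    if rec['tclass'] != 'tcp_socket' or rec['perms'] != ['name_connect']:
        return None
    m = re.fullmatch(r'(\w+)_port_t', rec['target_type'])
    if not m:
        return None
    return 'corenet_tcp_connect_%s_port(%s)' % (m.group(1), rec['source_type'])


if __name__ == '__main__':
    record = parse_avc(AVC)
    print(record['comm'], 'dest', record['dest'], '->', record['target_type'])
    print(allow_rule(record))
    print(corenet_interface(record))
```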