Hi,
policy 1.17.3 and later are not being handled properly by checkpolicy,
because the update that was supposed to go out with checkpolicy-1.16.2
was not built properly due to a packaging mistake. End result: All
reserved ports are remapped to reserved_port_t, and most daemons will
fail during startup due to a lack of name_bind permission, at least with
strict policy. Fixed checkpolicy should be available soon.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency
Show replies by date