allowing programs to open ports

Reindl Harald h.reindl at thelounge.net
Mon Dec 22 09:18:32 UTC 2014


On 22.12.2014 at 10:10, drago01 wrote:
> On Mon, Dec 22, 2014 at 9:26 AM, Björn Persson <Bjorn at rombobjörn.se> wrote:
>> Stephen John Smoogen wrote:
>>> Uhm no. You seem to be wanting a fight over something, and I have no
>>> mood to engage. I hope you have a more pleasant holidays than what
>>> your tone indicates you are currently having.
>>
>> The idea of making two calls to open a port seemed like a bad design to
>> me, so I proposed what seemed like a better design.
>
> FWIW we already have a mechanism to restrict which ports specific
> applications are allowed to open without using firewalld at all. It's
> called "SELinux" (only works for confined domains but server
> applications should run in one anyway)

that doesn't solve the "firewall open on ports greater than 1024" on 
workstations starting with F21 as long as you don't forbid *any* 
application without a SELinux context to open a non-privileged port
