Sharing a network port between types

Dominick Grift dominick.grift at gmail.com
Thu Jun 27 11:52:28 UTC 2013


On Thu, 2013-06-27 at 13:40 +0200, Tim Verhoeven wrote:
> On Thu, Jun 27, 2013 at 1:35 PM, Dominick Grift
> <dominick.grift at gmail.com> wrote:
> > On Thu, 2013-06-27 at 13:06 +0200, Tim Verhoeven wrote:
> >
> >> So how can I allow SELinux to let both openssh and proftpd use port 22
> >> at the same time?
> >
> > Use audit2allow to allow the service(s) to operate on the port
> 
> I could do that if there would be any AVC denies in the audit log
> about this, but there aren't any. So audit2allow does not help me
> much.
> 

Then use semodule -DB to build/install the policy without "dontaudit"
rules, and then reproduce the issue. Then look for related AVC denials
again. After testing, run semodule -B to build/install the policy with
"dontaudit" rules reinserted.


> Regards,
> Tim
> 
> 
> --
> Tim Verhoeven - tim.verhoeven.be at gmail.com - 0479 / 88 11 83
> 
> Hoping the problem  magically goes away  by ignoring it is the
> "microsoft approach to programming" and should never be allowed.
> (Linus Torvalds)
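
The procedure from the reply above, as an added example that is not part of the original thread: rebuild the policy without "dontaudit" rules, reproduce, search for AVC denials on the port, then reinsert the rules. The function names and the sample audit records (including the ftpd_t and ssh_port_t contexts) are constructed for illustration and are not taken from the poster's system.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample audit records (not from the poster's system).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1372333948.101:501): avc:  denied  { name_bind } for  pid=2101 comm="proftpd" src=22 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:ssh_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1372333950.202:502): avc:  denied  { name_bind } for  pid=2101 comm="proftpd" src=2222 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1372333951.303:503): avc:  denied  { getattr } for  pid=2140 comm="sshd" path="/etc/proftpd.conf" dev="dm-0" ino=1234 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:ftpd_etc_t:s0 tclass=file
EOF
}

# Keep AVC denials on stdin that involve port $1.
# name_bind records carry src=PORT; name_connect records carry dest=PORT.
filter_port_denials() {
    grep -E 'avc: +denied' | grep -E "[[:space:]](src|dest)=$1([[:space:]]|\$)"
}

# Reduce AVC records on stdin to unique "comm scontext tcontext" lines.
summarize_denials() {
    sed -n 's/.*comm="\([^"]*\)".*scontext=\([^ ]*\) tcontext=\([^ ]*\).*/\1 \2 \3/p' | sort -u
}

# Live procedure (run as root on an SELinux host): expose denials hidden by
# dontaudit rules, reproduce, search the last 10 minutes, then reinsert them.
collect_hidden_denials() {
    semodule -DB || return 1
    trap 'semodule -B; exit 1' INT TERM   # restore dontaudit rules if interrupted
    printf 'Reproduce the issue, then press Enter: ' >&2
    read -r reply
    ausearch -m avc -ts recent | filter_port_denials "$1"
    semodule -B
    trap - INT TERM
}

# Offline demo on the constructed records; touches no policy.
sample_audit_log | filter_port_denials 22 | summarize_denials
```

On a live host, the raw records printed by collect_hidden_denials 22 can be piped to audit2allow, as suggested earlier in the thread.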



