Fedora-Minimal-armhfp-21-20140905-sda.raw.xz - semanage issue

Robert Moskowitz rgm at htt-consult.com
Fri Sep 5 17:20:44 UTC 2014


One of the first things I do when setting up a new host is move the sshd 
port.  As stated now (finally!) in the /etc/ssh/sshd_config file:

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER

So...

semanage port -a -t ssh_port_t -p tcp 223

[ 2364.773457] SELinux:  Permission audit_read in class capability2 not defined in policy.
[ 2364.781668] SELinux: the above unknown classes and permissions will be allowed
[ 2365.223619] SELinux:  Context system_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid (unmapped).
[ 2366.235439] SELinux:  Context unconfined_u:system_r:vbetool_t:s0-s0:c0.c1023 became invalid (unmapped).
[ 2371.093678] SELinux:  Context unconfined_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid (unmapped).
[ 2375.355504] SELinux:  Context system_u:system_r:vbetool_t:s0-s0:c0.c1023 became invalid (unmapped).

But I CAN connect to SSH on my selected port.  So are these just warning 
messages that have been left on for testing?
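
An added example, not part of the original post: a shell check that every Port set in sshd_config text is covered by an ssh_port_t entry in `semanage port -l` output, including ranged entries. The function names are hypothetical and both SAMPLE_* inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: confirm the configured sshd port carries the ssh_port_t label.
# SAMPLE_* values are constructed, not captured from a real host.
SAMPLE_SSHD_CONFIG='#Port 22
Port 223
#AddressFamily any'
SAMPLE_PORT_LIST='smtp_port_t                    tcp      25, 465, 587
ssh_port_t                     tcp      223, 22
vnc_port_t                     tcp      5985-5999, 5900-5983'

# Print each uncommented Port value from sshd_config text on stdin.
# sshd listens on 22 when no Port directive is present.
configured_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }'
}

# port_has_type TYPE PROTO PORT: reads `semanage port -l` text on stdin and
# succeeds if PORT matches a single-port or lo-hi entry of TYPE/PROTO.
port_has_type() {
    awk -v type="$1" -v proto="$2" -v port="$3" '
        $1 == type && $2 == proto {
            for (i = 3; i <= NF; i++) {
                entry = $i; sub(/,$/, "", entry)
                n = split(entry, r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) ok = 1
            }
        }
        END { exit ok ? 0 : 1 }'
}

# check_sshd_ports CONFIG_TEXT PORT_LIST_TEXT: one status line per port;
# returns non-zero if any configured port lacks the ssh_port_t label.
check_sshd_ports() {
    rc=0
    for p in $(printf '%s\n' "$1" | configured_ports); do
        if printf '%s\n' "$2" | port_has_type ssh_port_t tcp "$p"; then
            echo "tcp/$p: labeled ssh_port_t"
        else
            echo "tcp/$p: NOT labeled ssh_port_t"; rc=1
        fi
    done
    return $rc
}

check_sshd_ports "$SAMPLE_SSHD_CONFIG" "$SAMPLE_PORT_LIST"
# Live host, as root: check_sshd_ports "$(cat /etc/ssh/sshd_config)" "$(semanage port -l)"
```
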



