[colug-432] SELinux Policy Question

Travis Sidelinger travissidelinger at gmail.com
Thu Feb 12 11:17:20 EST 2015


I ran into this too.

Options:
  * Re-write the base policy, but remember an rpm update will wipe out
your changes.
  * Extend the base policy to allow your app to access the ports owned
by another policy.  Audit2allow should help with that.  Then add the
other ports using semanage.
  * Run your service unconfined.

I don't like that they added all those ports into the base policy either.

-Travis


On Thu, Feb 12, 2015 at 10:39 AM, Chris Clonch <chris at theclonchs.com> wrote:
> Running RHEL 6 and trying to label a range of ports.  I've tried
> "semanage port -a -t http_port_t -p tcp 3000-3099" but that fails as a
> couple of ports are already labelled.  I cannot delete them because
> they are defined in the base policy.  Rather than have to modify those
> and have a couple of additional non-contiguous ranges defined, can I
> create a local policy that will override the base policies?
>
> Thanks,
> -Chris



-- 
"A careful reading of history clearly demonstrates ...
that people don't read history carefully."

"We can't solve problems by using the same kind of thinking we used
when we created them."
--Albert Einstein
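
Added example (not part of the original thread): one way to prepare the second option above, by splitting the wanted range around ports that already carry a label so that only the unlabeled sub-ranges are passed to `semanage port -a`. The listing is a constructed sample in `semanage port -l` format, the `example_*` type names are placeholders, and `plan_ports` is a hypothetical helper.

```shell
#!/bin/sh
# Added example: split a wanted port range around ports already labeled.

# Constructed sample in `semanage port -l` format; example_* types are placeholders.
sample_listing() {
cat <<'EOF'
SELinux Port Type              Proto    Port Number

example_a_port_t               tcp      3005
example_b_port_t               tcp      3050-3051, 8999
example_c_port_t               udp      3010
http_port_t                    tcp      80, 443
EOF
}

# plan_ports TYPE PROTO LO HI (hypothetical helper): reads a listing on stdin,
# prints a semanage command per unlabeled sub-range and a note per conflict.
plan_ports() {
  awk -v type="$1" -v proto="$2" -v lo="$3" -v hi="$4" '
    $2 == proto {                       # record the owner of each labeled port in LO..HI
      for (i = 3; i <= NF; i++) {
        spec = $i; sub(/,$/, "", spec)
        n = split(spec, r, "-"); a = r[1] + 0; b = (n > 1 ? r[2] : r[1]) + 0
        for (p = (a < lo ? lo + 0 : a); p <= b && p <= hi; p++) owner[p] = $1
      }
    }
    END {
      start = ""
      for (p = lo + 0; p <= hi + 1; p++) {
        if (p <= hi && !(p in owner)) { if (start == "") start = p; continue }
        if (start != "") {              # close the current unlabeled run
          rng = (start == p - 1) ? start : (start "-" (p - 1))
          printf "semanage port -a -t %s -p %s %s\n", type, proto, rng
          start = ""
        }
        if (p <= hi && owner[p] != type)
          printf "# %d/%s is %s: leave label, allow via local module\n", p, proto, owner[p]
      }
    }'
}

sample_listing | plan_ports http_port_t tcp 3000 3099
```

On a real host, feed it `semanage port -l` instead of the sample; the commented lines name the port types the service's domain would need access to through a local module, which is where audit2allow comes in.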

