[colug-432] SELinux Policy Question
Travis Sidelinger
travissidelinger at gmail.com
Thu Feb 12 11:17:20 EST 2015
I ran into this too.
Options:
* Re-write the base policy, but remember an rpm update will wipe out
your changes.
* Extend the base policy to allow your app to access the ports owned
by another policy. Audit2allow should help with that. Then add the
other ports using semanage.
* Run your service unconfined.
I don't like that they added all those ports into the base policy either.
-Travis
On Thu, Feb 12, 2015 at 10:39 AM, Chris Clonch <chris at theclonchs.com> wrote:
> Running RHEL 6 and trying to label a range of ports. I've tried
> "semanage port -a -t http_port_t -p tcp 3000-3099" but that fails as a
> couple of ports are already labelled. I can not delete them because
> they are defined in the base policy. Rather than have to modify those
> and have a couple of additional non-contiguous ranges defined, can I
> create a local policy that will override the base policies?
>
> Thanks,
> -Chris
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
--
"A careful reading of history clearly demonstrates ...
that people don't read history carefully."
"We can't solve problems by using the same kind of thinking we used
when we created them."
--Albert Einstein
More information about the colug-432
mailing list