[DSE-Dev] Bug#1049428: how to determine what's needed for this
Russell Coker
russell at coker.com.au
Sat Jan 11 09:34:00 GMT 2025

# sesearch -A -s rpcd_t -c tcp_socket -p name_bind
allow nsswitch_domain port_t:tcp_socket name_bind; [ allow_ypbind ]:True
allow rpc_domain port_t:tcp_socket name_bind;
allow rpc_domain reserved_port_t:tcp_socket name_bind;
allow rpc_domain rpc_port_type:tcp_socket name_bind;

# sesearch -A -s rpcd_t -c udp_socket -p name_bind
allow nsswitch_domain port_t:udp_socket name_bind; [ allow_ypbind ]:True
allow rpc_domain port_t:udp_socket name_bind;
allow rpc_domain rpc_port_type:udp_socket name_bind;

# seinfo -a rpc_domain -x
Type Attributes: 1
   attribute rpc_domain;
        blkmapd_t
        gssd_t
        nfsd_t
        rpcd_t

The above commands show that the domains for RPC can bind to the rpc_port_type
types. The command "seinfo -a rpc_port_type -x" shows a large list of types
that those domains can bind to. Which is probably more than desired and also
there isn't one for just this purpose.

What we probably need is a new type for this sort of thing and reserving a few
ports for it. Are there good ports that can be used for such things?

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
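
Added example, not part of the original message: a small Python parser for the sesearch allow-rule lines quoted above, which groups the name_bind targets per socket class and records whether each one depends on a boolean. The function names parse_rules and bind_targets are hypothetical, and the input is the rule output copied from the message.

```python
import re
from collections import defaultdict

# Rule lines copied from the two sesearch runs in the message above.
SESEARCH_OUTPUT = """\
allow nsswitch_domain port_t:tcp_socket name_bind; [ allow_ypbind ]:True
allow rpc_domain port_t:tcp_socket name_bind;
allow rpc_domain reserved_port_t:tcp_socket name_bind;
allow rpc_domain rpc_port_type:tcp_socket name_bind;
allow nsswitch_domain port_t:udp_socket name_bind; [ allow_ypbind ]:True
allow rpc_domain port_t:udp_socket name_bind;
allow rpc_domain rpc_port_type:udp_socket name_bind;
"""

# allow SRC TGT:CLASS PERM|{ PERMS }; optionally followed by [ BOOLEAN ]:True|False
RULE = re.compile(
    r"^allow\s+(?P<src>\S+)\s+(?P<tgt>[^\s:]+):(?P<cls>\S+)\s+"
    r"(?P<perms>\{[^}]*\}|\S+?);"
    r"(?:\s*\[\s*(?P<bool>\S+)\s*\]:(?P<state>True|False))?\s*$"
)

def parse_rules(text):
    """Return one dict per allow rule; commands and other lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        perms = set(m["perms"].strip("{} ").split())
        cond = (m["bool"], m["state"] == "True") if m["bool"] else None
        rules.append({"src": m["src"], "tgt": m["tgt"], "cls": m["cls"],
                      "perms": perms, "cond": cond})
    return rules

def bind_targets(rules, perm="name_bind"):
    """Map class -> {target: 'always' or 'if BOOL=STATE'} for rules granting perm."""
    out = defaultdict(dict)
    for r in rules:
        if perm not in r["perms"]:
            continue
        label = "always" if r["cond"] is None else "if %s=%s" % r["cond"]
        # An unconditional rule makes a boolean-gated rule for the same target moot.
        if out[r["cls"]].get(r["tgt"]) != "always":
            out[r["cls"]][r["tgt"]] = label
    return dict(out)
```

On the quoted output this reports port_t as unconditionally bindable for both classes (the allow_ypbind rule adds nothing beyond the rpc_domain rule) and reserved_port_t as a target for tcp_socket only.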