[DSE-Dev] Bug#1049428: how to determine what's needed for this

Russell Coker russell at coker.com.au
Sat Jan 11 09:34:00 GMT 2025


# sesearch -A -s rpcd_t -c tcp_socket -p name_bind
allow nsswitch_domain port_t:tcp_socket name_bind; [ allow_ypbind ]:True
allow rpc_domain port_t:tcp_socket name_bind;
allow rpc_domain reserved_port_t:tcp_socket name_bind;
allow rpc_domain rpc_port_type:tcp_socket name_bind;
# sesearch -A -s rpcd_t -c udp_socket -p name_bind
allow nsswitch_domain port_t:udp_socket name_bind; [ allow_ypbind ]:True
allow rpc_domain port_t:udp_socket name_bind;
allow rpc_domain rpc_port_type:udp_socket name_bind;
# seinfo -a rpc_domain -x

Type Attributes: 1
   attribute rpc_domain;
	blkmapd_t
	gssd_t
	nfsd_t
	rpcd_t


The above commands show that the domains for RPC can bind to the rpc_port_type 
types.  The command "seinfo -a rpc_port_type -x" shows a large list of types 
that those domains can bind to, which is probably more than desired, and also 
there isn't one for just this purpose.

What we probably need is a new type for this sort of thing and reserving a few 
ports for it.  Are there good ports that can be used for such things?


-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
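
The following Python script is an added example, not part of the original message or of any SELinux project code. It parses the sesearch and seinfo output quoted above to show which name_bind targets are unconditional, which differ between TCP and UDP, and which domains share the rpc_domain rules. The function names are illustrative, and the regular expression assumes the output format shown in the message.

```python
import re

# Constructed input: the sesearch and seinfo output quoted in the message.
SESEARCH = """\
allow nsswitch_domain port_t:tcp_socket name_bind; [ allow_ypbind ]:True
allow rpc_domain port_t:tcp_socket name_bind;
allow rpc_domain reserved_port_t:tcp_socket name_bind;
allow rpc_domain rpc_port_type:tcp_socket name_bind;
allow nsswitch_domain port_t:udp_socket name_bind; [ allow_ypbind ]:True
allow rpc_domain port_t:udp_socket name_bind;
allow rpc_domain rpc_port_type:udp_socket name_bind;
"""
SEINFO = ("Type Attributes: 1\n   attribute rpc_domain;\n"
          "\tblkmapd_t\n\tgssd_t\n\tnfsd_t\n\trpcd_t\n")

RULE = re.compile(r"^allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|[^;\s]+);"
                  r"(?:\s*\[\s*([^\]]+?)\s*\]:(?:True|False))?\s*$")

def parse_rules(text):
    """One dict per allow rule; 'boolean' is None when the rule is unconditional."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            src, tgt, cls, perms, boolean = m.groups()
            rules.append({"source": src, "target": tgt, "class": cls,
                          "boolean": boolean,
                          "perms": set(perms.strip("{} ").split())})
    return rules

def parse_attribute(text):
    """Map each attribute in 'seinfo -a ATTR -x' output to its member types."""
    members, current = {}, None
    for word in (l.strip().rstrip(";") for l in text.splitlines()):
        if word.startswith("attribute "):
            current = members.setdefault(word.split()[1], [])
        elif current is not None and word:
            current.append(word)
    return members

def bind_targets(rules, cls, conditional=False):
    """Targets a class may name_bind to; boolean-gated rules only on request."""
    return {r["target"] for r in rules
            if r["class"] == cls and "name_bind" in r["perms"]
            and (conditional or r["boolean"] is None)}

if __name__ == "__main__":
    rules = parse_rules(SESEARCH)
    tcp, udp = (bind_targets(rules, c) for c in ("tcp_socket", "udp_socket"))
    print("TCP-only bind targets:", sorted(tcp - udp))
    print("domains sharing rpc_domain rules:", parse_attribute(SEINFO)["rpc_domain"])
```

On the quoted output this reports reserved_port_t as bindable over TCP only, and shows that any change to the rpc_domain rules also applies to blkmapd_t, gssd_t and nfsd_t.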


