Old 04-22-2008, 06:21 PM
Chuck Anderson
 
Default port numbers for sctp support?

Is sctp support planned?

#semanage port -a -t ssh_sctp_port_t -p sctp 22
/usr/sbin/semanage: Protocol udp or tcp is required

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 04-22-2008, 07:21 PM
Daniel J Walsh
 
Default port numbers for sctp support?


Chuck Anderson wrote:
> Is sctp support planned?
>
> #semanage port -a -t ssh_sctp_port_t -p sctp 22
> /usr/sbin/semanage: Protocol udp or tcp is required
>
TCP Port 22 is labeled ssh_port_t.


 
Old 04-22-2008, 07:25 PM
Chuck Anderson
 
Default port numbers for sctp support?

On Tue, Apr 22, 2008 at 03:21:35PM -0400, Daniel J Walsh wrote:
> TCP Port 22 is labeled ssh_port_t.

For TCP, yes. I need SCTP, a different IP protocol.

 
Old 04-22-2008, 07:42 PM
Daniel J Walsh
 
Default port numbers for sctp support?


Chuck Anderson wrote:
> On Tue, Apr 22, 2008 at 03:21:35PM -0400, Daniel J Walsh wrote:
>> TCP Port 22 is labeled ssh_port_t.
>
> For TCP, yes. I need SCTP, a different IP protocol.
>

I have no idea if this is handled for SCTP. Are you seeing AVC messages?

You might want to bring this up for discussion on the developer list.

<selinux@tycho.nsa.gov>
 
Old 04-22-2008, 08:02 PM
Stephen Smalley
 
Default port numbers for sctp support?

On Tue, 2008-04-22 at 15:42 -0400, Daniel J Walsh wrote:
> Chuck Anderson wrote:
> > On Tue, Apr 22, 2008 at 03:21:35PM -0400, Daniel J Walsh wrote:
> >> TCP Port 22 is labeled ssh_port_t.
> >
> > For TCP, yes. I need SCTP, a different IP protocol.
> >
>
> I have no idea if this is handled for SCTP. Are you seeing AVC messages?

Should show up as name_bind checks on port_t:rawip_socket, as per:
http://marc.info/?l=fedora-selinux-list&m=112806295900352&w=2

Policy toolchain doesn't presently allow specification of port contexts
for anything other than udp or tcp, although I think the kernel side
would support it just fine. So we'd need to update libsepol/libsemanage
first, then adjust seobject.py to recognize "sctp". Along with
checkpolicy.

--
Stephen Smalley
National Security Agency
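
To answer the "are you seeing AVC messages?" question in practice, the following added example (not part of the thread and not SELinux project code) scans audit records for the pattern Stephen Smalley describes: name_bind denials with class rawip_socket. The log lines are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample audit records (not from the thread). The third follows the
# description above: an SCTP bind checked as name_bind on port_t:rawip_socket.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1208894495.101:201): avc:  denied  { name_bind } for  pid=2101 comm="httpd" src=8443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1208894496.202:202): avc:  denied  { read } for  pid=2102 comm="httpd" name="secret" dev=dm-0 ino=4711 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1208894497.303:203): avc:  denied  { name_bind } for  pid=2345 comm="sshd" src=22 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=rawip_socket
"""

AVC_RE = re.compile(r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Split one AVC record into its key=value fields; None if not an AVC line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["result"] = m.group("result")
    fields["perms"] = m.group("perms").split()
    return fields

def selinux_type(context):
    # A context is user:role:type[:mls-range]; the type is the third field.
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""

def rawip_name_bind_denials(lines):
    """Return denied name_bind checks on rawip_socket (binds that are not TCP or UDP)."""
    hits = []
    for line in lines:
        rec = parse_avc(line)
        if not rec or rec["result"] != "denied":
            continue
        if "name_bind" in rec["perms"] and rec.get("tclass") == "rawip_socket":
            hits.append({
                "comm": rec.get("comm"),
                "port": int(rec["src"]) if rec.get("src", "").isdigit() else None,
                "source_type": selinux_type(rec.get("scontext", "")),
                "target_type": selinux_type(rec.get("tcontext", "")),
            })
    return hits

if __name__ == "__main__":
    for hit in rawip_name_bind_denials(SAMPLE_AUDIT_LOG.splitlines()):
        print(hit)
```

The class, not the port number, is what separates these records from ordinary TCP or UDP bind denials; the TCP name_bind line in the sample is deliberately skipped.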
