* Question regarding port usage in respect to the tomcat policy
From: Nick Gray @ 2004-12-17 23:08 UTC (permalink / raw)
To: SELinux ML
In net_contexts I found this

ifdef(`use_http_cache', `
portcon tcp 3128 system_u:object_r:http_cache_port_t
portcon tcp 8080 system_u:object_r:http_cache_port_t
portcon udp 3130 system_u:object_r:http_cache_port_t
')

I needed 8080 for my tomcat tests so I stole it
by taking it out and creating my own

ifdef(`tomcat.te', `
portcon tcp 8080 system_u:object_r:tomcat_port_t
')

And I added this to the tomcat.te

allow tomcat_t tomcat_port_t:tcp_socket name_bind;

The question is why can I access port 8443 as well?

**

I think I figured it out. While doing the start/fix/restart, I found
that I needed this line as well (probably when I tried to access 8443)

allow tomcat_t port_t:tcp_socket name_bind;

So I am guessing that anything not labeled specifically must belong to
this type.

Nix
--
Nick Gray
Senior Systems Engineer
Bruzenak Inc
Office: 512-331-7998
Cell: 512-630-7009
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: Question regarding port usage in respect to the tomcat policy
From: Daniel J Walsh @ 2004-12-18 9:59 UTC (permalink / raw)
To: Nick Gray; +Cc: SELinux ML
Nick Gray wrote:
>In net_contexts I found this
>
>ifdef(`use_http_cache', `
>portcon tcp 3128 system_u:object_r:http_cache_port_t
>portcon tcp 8080 system_u:object_r:http_cache_port_t
>portcon udp 3130 system_u:object_r:http_cache_port_t
>')
>
>I needed 8080 for my tomcat tests so I stole it
>by taking it out and creating my own
>
>
>ifdef(`tomcat.te', `
>portcon tcp 8080 system_u:object_r:tomcat_port_t
>')
>
>And I added this to the tomcat.te
>
>allow tomcat_t tomcat_port_t:tcp_socket name_bind;
>
>The question is why can I access port 8443 as well?
>
>**
>
>I think I figured it out. While doing the start/fix/restart, I found
>that I needed this line as well (probably when I tried to access 8443)
>
>allow tomcat_t port_t:tcp_socket name_bind;
>
>

No, this says that you can bind to any port.

A better solution would be

ifdef(`tomcat.te', `
portcon tcp 8080 system_u:object_r:tomcat_port_t
portcon tcp 8083 system_u:object_r:tomcat_port_t
')

>So I am guessing that anything not labeled specifically must belong to
>this type.
>
>Nix
>
>
>
>
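An added example, not part of either message or of the SELinux policy sources: a small Python model of how the portcon entries and name_bind rules from this thread combine, comparing the policy from the question with the portcon block from the reply. It assumes a port with no portcon entry takes the type port_t and that the first matching entry wins; the function names and the probe port list are hypothetical.

```python
import re

DEFAULT_PORT_TYPE = "port_t"  # assumption: type given to ports with no portcon entry

# Constructed from the thread: the policy in the question (one labeled port
# plus the extra port_t rule) and the portcon block suggested in the reply.
QUESTION_POLICY = """
portcon tcp 8080 system_u:object_r:tomcat_port_t
allow tomcat_t tomcat_port_t:tcp_socket name_bind;
allow tomcat_t port_t:tcp_socket name_bind;
"""
REPLY_POLICY = """
portcon tcp 8080 system_u:object_r:tomcat_port_t
portcon tcp 8083 system_u:object_r:tomcat_port_t
allow tomcat_t tomcat_port_t:tcp_socket name_bind;
"""

PORTCON = re.compile(r"^portcon\s+(tcp|udp)\s+(\d+)(?:-(\d+))?\s+[^:\s]+:[^:\s]+:(\S+)$")
ALLOW = re.compile(r"^allow\s+(\S+)\s+(\S+):(\S+)\s+(\w+);$")

def parse(policy):
    """Return (portcon entries, allow rules) from simplified policy text."""
    portcons, allows = [], set()
    for line in map(str.strip, policy.splitlines()):
        if m := PORTCON.match(line):
            portcons.append((m[1], int(m[2]), int(m[3] or m[2]), m[4]))
        elif m := ALLOW.match(line):
            allows.add((m[1], m[2], m[3], m[4]))
    return portcons, allows

def port_type(portcons, proto, port):
    """First matching portcon wins; unlabeled ports get the default type."""
    for p, low, high, ptype in portcons:
        if p == proto and low <= port <= high:
            return ptype
    return DEFAULT_PORT_TYPE

def can_bind(policy, domain, proto, port):
    """True if an allow rule grants name_bind on the port's resolved type."""
    portcons, allows = parse(policy)
    ptype = port_type(portcons, proto, port)
    return (domain, ptype, f"{proto}_socket", "name_bind") in allows

def bindable_ports(policy, domain, proto, candidates):
    return [p for p in candidates if can_bind(policy, domain, proto, p)]

if __name__ == "__main__":
    probe = [8080, 8083, 8443, 9000]  # constructed probe list
    print("question:", bindable_ports(QUESTION_POLICY, "tomcat_t", "tcp", probe))
    print("reply:   ", bindable_ports(REPLY_POLICY, "tomcat_t", "tcp", probe))
```
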