[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: port numbers for sctp support?
- From: Stephen Smalley <sds tycho nsa gov>
- To: Daniel J Walsh <dwalsh redhat com>
- Cc: Eric Paris <eparis parisplace org>, SE Linux <selinux tycho nsa gov>, fedora-selinux-list redhat com
- Subject: Re: port numbers for sctp support?
- Date: Tue, 22 Apr 2008 16:02:52 -0400
On Tue, 2008-04-22 at 15:42 -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Chuck Anderson wrote:
> > On Tue, Apr 22, 2008 at 03:21:35PM -0400, Daniel J Walsh wrote:
> >> TCP Port 22 is labeled ssh_port_t.
> >
> > For TCP, yes. I need SCTP, a different IP protocol.
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list redhat com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
> I have no idea if this is handled SCTP Are you seeing AVC messages?
Should show up as name_bind checks on port_t:rawip_socket, as per:
http://marc.info/?l=fedora-selinux-list&m=112806295900352&w=2
Policy toolchain doesn't presently allow specification of port contexts
for anything other than udp or tcp, although I think the kernel side
would support it just fine. So we'd need to update libsepol/libsemanage
first, then adjust seobject.py to recognize "sctp". Along with
checkpolicy.
--
Stephen Smalley
National Security Agency
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]