How to allow vsftpd to listen on other ports?

Dawid Gajownik gajownik at fedora.pl
Wed Mar 8 18:03:03 UTC 2006


Hi!

I wanted vsftpd to listen on port 750 or 777. SELinux does not like this:

type=AVC msg=audit(1141840161.184:107): avc:  denied  { name_bind } for  pid=5352 comm="vsftpd" src=777 scontext=root:system_r:ftpd_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket
type=AVC msg=audit(1141840470.444:114): avc:  denied  { name_bind } for  pid=5495 comm="vsftpd" src=750 scontext=root:system_r:ftpd_t tcontext=system_u:object_r:kerberos_port_t tclass=tcp_socket

I've downloaded selinux-policy-targeted-sources rpm and wanted to add 
this line:

portcon tcp 750 system_u:object_r:ftp_port_t

The problem is that I don't know where it should be placed. It does not 
work in domains/misc/local.te -- `make load' fails ;-)

OS: FC4
selinux-policy-targeted-sources: 1.27.1-2.22

Regards,
	Dawid

-- 

   ^_*
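
Added example, not part of the original post: a small parser for the two AVC records quoted above. It pulls out the denied domain, the port, and the type the loaded policy currently assigns to that port, which is the type ftpd_t lacks name_bind on. The function names are this example's own, and the sample lines are the post's records unwrapped to one line each.

```python
import re

# The two denial records from the post, unwrapped to one line each.
SAMPLE = '''\
type=AVC msg=audit(1141840161.184:107): avc:  denied  { name_bind } for  pid=5352 comm="vsftpd" src=777 scontext=root:system_r:ftpd_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket
type=AVC msg=audit(1141840470.444:114): avc:  denied  { name_bind } for  pid=5495 comm="vsftpd" src=750 scontext=root:system_r:ftpd_t tcontext=system_u:object_r:kerberos_port_t tclass=tcp_socket
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type, optionally followed by an MLS range.
    for key in ('scontext', 'tcontext'):
        parts = rec.get(key, '').split(':')
        rec[key + '_type'] = parts[2] if len(parts) >= 3 else None
    return rec


def port_bind_denials(text):
    """Map (domain, tclass, port) -> type the policy labels that port with."""
    out = {}
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and 'name_bind' in rec['perms'] and 'src' in rec:
            key = (rec['scontext_type'], rec.get('tclass'), int(rec['src']))
            out[key] = rec['tcontext_type']
    return out


if __name__ == '__main__':
    for (domain, tclass, port), ptype in sorted(port_bind_denials(SAMPLE).items()):
        print(f'{domain} denied name_bind on {tclass} port {port}, labeled {ptype}')
```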



