allow a application on port UDP/162 as non root

Matthew Galgoci mgalgoci at redhat.com
Thu Aug 6 14:53:02 UTC 2009


> Date: Thu, 6 Aug 2009 16:44:44 +0200 (CEST)
> From: Patrick Lambooy <p.lambooy at narmida.com>
> To: redhat-sysadmin-list at redhat.com
> Subject: allow a application on port UDP/162 as non root
>
> Hello,
>
> I need some SELinux help
>
> The problem is:
> The application starts its own listening snmp trap app on port UDP/162
>
> What I want is to allow a user (not root) to start the application (java)
> and let it bind to the port UDP/162.
>
> The original snmptrapd is deactivated so no problem here
>
> The problem is port 1 till 1024 can only be used by root
>
> The only way to do this is to completely deactivate this part of security
> which I really don't like, very nasty.
>
> Is there a way with SELinux to do this?
> Please explain in detail because I'm still partly an SELinux n00b
> sry
>
> The alternative is to let the app run in root which isn't going to happen :-)
>
> I really hope somebody knows how and if this can be done with SELinux; after
> 1 day of searching and testing I'm a bit stuck
> Other suggestions are also welcome

This isn't an SELinux issue. By default non-root processes cannot bind to
ports less than 1024. I'm not sure if there is a clean way around this.

-- 
Matthew Galgoci
Network Operations
Red Hat, Inc
919.754.3700 x44155
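
An added example, not part of the original thread: on Linux the low-port restriction described in the reply is enforced by the kernel against the process's effective CAP_NET_BIND_SERVICE capability rather than by SELinux, so a process's /proc status shows whether a bind to UDP/162 would be permitted. The status excerpts below are constructed, the function names are this example's own, and the sysctl path exists only on kernels 4.11 and later.

```python
import os

CAP_NET_BIND_SERVICE = 10   # capability bit number, from <linux/capability.h>
DEFAULT_PRIV_LIMIT = 1024   # ports below this are privileged by default
SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"  # Linux 4.11 and later

# Constructed /proc/<pid>/status excerpts (not captured from a real system).
SAMPLE_USER = "Name:\tjava\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"
SAMPLE_ROOT = "Name:\tsnmptrapd\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n"
SAMPLE_CAP = "Name:\tjava\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000400\n"


def effective_caps(status_text):
    """Return the CapEff bitmask parsed from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")


def privileged_limit(path=SYSCTL):
    """First port that needs no privilege; 1024 where the sysctl is absent."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return DEFAULT_PRIV_LIMIT


def may_bind(port, status_text, limit=DEFAULT_PRIV_LIMIT):
    """Predict the kernel's privileged-port decision for one process."""
    if port >= limit:
        return True
    # Below the limit, the effective capability decides, not the uid itself.
    return bool(effective_caps(status_text) & (1 << CAP_NET_BIND_SERVICE))


if __name__ == "__main__":
    # Check the process running this script against the SNMP trap port.
    with open("/proc/self/status") as fh:
        own = fh.read()
    verdict = may_bind(162, own, privileged_limit())
    print("uid", os.getuid(), "may bind UDP/162:", verdict)
```

Run as the account that starts the application, it reports the kernel-level answer before any SELinux policy is considered.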



