On Sat, Dec 26, 2009 at 12:27:28PM +0100, Dominick Grift wrote:
> I'm using Fedora 12 and was wondering why, if I run my sshd on a
> non-standard port... why doesn't SELinux register an access violation?
> I see that "ssh_port_t" is there (attached to port 22) ... Is this not
> implemented yet for SSHD?
Good question. It seems that the policy maintainer decided to allow sshd_t to all
unreserved ports.
corenet_tcp_bind_all_unreserved_ports($1_t) in ssh_server_template services/ssh.if
I don't know why, and I'd rather not allow it to bind to all unreserved ports by default
either.
Possibly needed for ssh port forwarding?
--
Matthew Miller mattdm(a)mattdm.org <http://mattdm.org/>
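
An added example, not part of the thread: one way to check which port types a domain may name_bind to, which is why no denial is logged when sshd listens on a non-standard port. The function names and the sample rules are constructed for illustration; on a live system the input would come from `sesearch --allow -s sshd_t -c tcp_socket -p name_bind`.

```shell
#!/bin/sh
# Added example: read sesearch-style allow rules on stdin and report the
# port types (or attributes) a source domain may name_bind to over TCP.
# Port-to-type labels themselves are listed by: semanage port -l

# name_bind_targets SOURCE: print each matching target, one per line.
name_bind_targets() {
    # Normalise "type : class { perms } ;" spacing so both compact and
    # spaced rule layouts parse the same way.
    sed -e 's/[[:space:]]*:[[:space:]]*/:/' -e 's/[{};]/ /g' |
    awk -v src="$1" '
        $1 == "allow" && $2 == src {
            split($3, tc, ":")
            if (tc[2] != "tcp_socket") next
            for (i = 4; i <= NF; i++)
                if ($i == "name_bind") { print tc[1]; break }
        }' | sort -u
}

# extra_bind_targets SOURCE EXPECTED: targets other than the expected port
# type. Any output means binding is not confined to EXPECTED.
extra_bind_targets() {
    name_bind_targets "$1" | grep -v -x "$2" || true
}

# Constructed sample rules. The attribute name is illustrative; how the
# "all unreserved ports" grant appears depends on the policy version.
sample_rules() {
    cat <<'EOF'
allow sshd_t ssh_port_t:tcp_socket name_bind;
allow sshd_t unreserved_port_type : tcp_socket name_bind ;
allow sshd_t sshd_t:tcp_socket { create listen accept };
allow httpd_t http_port_t:tcp_socket name_bind;
EOF
}

# Demo on the constructed sample: prints the grant beyond ssh_port_t.
sample_rules | extra_bind_targets sshd_t ssh_port_t
```

An empty result from `extra_bind_targets` means the domain can only bind to the expected port type, so a non-standard port would produce a denial unless it is labelled with that type.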