Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListUnreserved portnumbers in corenetwork
From: selinux_at_a61.nl
Date: Wed, 5 Mar 2008 11:21:34 +0100 (CET)
We're building a policy for JBoss. Jboss uses atleast port 8080 and 8083. Besides this, the application we use on JBoss also opens port 8443 (https) While building the jboss-module we ofcourse want to claim these ports and patch corenetwork. However, this is where our problem arises; HTTP has claimed some of the ports we need and http-cache has claimed 8080 allready. But http and http-cache allow to open more ports (80, 443, 488, 8008, 8009) than we really need. We think this is against the SElinux policy of least privilege. So how do we deal with these kinds of port conflicts? Maybe corenetwork isn't the best place to define unreserved (> 1024) ports? Cheers, Bart -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Wed 5 Mar 2008 - 05:22:01 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |