| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAKD1Yr1jAv4ouHKu+wA-_basvzY3tN==QMq9u+4fmvpOHLBh1Q@mail.gmail.com>
Date: Fri, 13 Dec 2019 09:25:42 +0900
From: Lorenzo Colitti <lorenzo@...gle.com>
To: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Cc: Maciej Żenczykowski <zenczykowski@...il.com>,
"David S . Miller" <davem@...emloft.net>,
Linux NetDev <netdev@...r.kernel.org>,
Sean Tranchetti <stranche@...eaurora.org>,
Subash Abhinov Kasiviswanathan <subashab@...eaurora.org>,
Eric Dumazet <edumazet@...gle.com>,
Linux SCTP <linux-sctp@...r.kernel.org>
Subject: Re: [PATCH] net: introduce ip_local_unbindable_ports sysctl
On Thu, Nov 28, 2019 at 8:00 AM Marcelo Ricardo Leitner
<marcelo.leitner@...il.com> wrote:
> I'm no SELinux expert, but my /etc/ssh/sshd_config has this nice handy
> comment:
> # If you want to change the port on a SELinux system, you have to tell
> # SELinux about this change.
> # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
>
> The kernel has no specific knowledge of 'ssh_port_t' and all I need to
> do to allow such port, is run the command above. No compiler, etc.
> The distribution would have to have a policy, say,
> 'unbindable_ports_t', and it could work similarly, I suppose, but I
> have no knowledge on this part.
For security reasons, Android does not allow reloading selinux policy
after boot. I'm not a selinux expert either, but semanage-port(8) has:
-N, --noreload
Do not reload policy after commit
which suggests that it works by reloading the policy.
Powered by blists - more mailing lists