On Wed, 21 Nov 2001, Tracy R Reed wrote:

> No domain is currently allowed to bind http_port_t
>
> Why have fully defined policies for running apache if it isn't allowed to
> bind to the port? How can I allow this?

The technical reports aren't up-to-date. The first report (Integrating Flexible Support for Security Policies into the Linux Operating System) still describes the design and implementation of the original 2.2-based SELinux kernel patch, not the LSM-based SELinux security module. We're working on a new technical report that describes the LSM-based SELinux security module. The second technical report (A Security Policy Configuration for the Security-Enhanced Linux) describes the original example security policy configuration that was developed for the original SELinux on RH6.1, and doesn't reflect subsequent changes. Much of it is still applicable, but this particular note about http_port_t is not true in the current example policy.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com




--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.