Displaying 3 results from an estimated 3 matches for "unreserved_port_t".
2017 Feb 12
3
Centos7 and old Bind bug
This is my new Centos7 DNS server.
In logwatch I am seeing:
**Unmatched Entries**
dispatch 0xb4378008: open_socket(0.0.0.0#5546) -> permission denied: continuing: 1 Time(s)
dispatch 0xb4463008: open_socket(::#1935) -> permission denied: continuing: 1 Time(s)
dispatch 0xb4464440: open_socket(::#8554) -> permission denied: continuing: 1 Time(s)
dispatch 0xb4464440:
2017 Feb 12
2
Centos7 and old Bind bug
...thing wrong, because on my system, it looks like
> named_t is allowed to use those ports.
>
> # sesearch -A -s named_t | grep port | grep bind
>
> ...indicates that named_t is allowed to bind to both unreserved
> ports and ephemeral ports.
>
> # semanage port -l | grep unreserved_port_t
> unreserved_port_t tcp 61001-65535, 1024-32767
> unreserved_port_t udp 61001-65535, 1024-32767
> # semanage port -l | grep ephemeral_port_t
> ephemeral_port_t tcp 32768-61000
> ephemeral_port_t udp 32768-61000...
2017 Feb 12
0
Centos7 and old Bind bug
...s. However, I must
be reading something wrong, because on my system, it looks like named_t
is allowed to use those ports.
# sesearch -A -s named_t | grep port | grep bind
...indicates that named_t is allowed to bind to both unreserved
ports and ephemeral ports.
# semanage port -l | grep unreserved_port_t
unreserved_port_t tcp 61001-65535, 1024-32767
unreserved_port_t udp 61001-65535, 1024-32767
# semanage port -l | grep ephemeral_port_t
ephemeral_port_t tcp 32768-61000
ephemeral_port_t udp 32768-61000
I'm not seeing thos...