On 07/16/2014 10:40 PM, Joe Jiang wrote:
Hi all,
Thanks for your responses.

I tried running # sudo semanage port -l|grep 5000 in my environment and got the same information.
>> ...
>> commplex_main_port_t tcp 5000
>> commplex_main_port_t udp 5000
Then I wanted to remove this port (5000) from the SELinux policy rules list using this command (semanage port -d -p tcp -t commplex_port_t 5000). The console output is "/usr/sbin/semanage: Port tcp/5000 is defined in policy, cannot be deleted", and 'udp/5000' gets the same reply. Some sources[1] say this port is declared in the corenetwork source policy, which is compiled into the base module.
So, do I have to recompile the SELinux module?

I think that's the only way to do it if you want to relabel port 5000.




Thanks.
Joe.

[1]
http://www.redhat.com/archives/fedora-selinux-list/2009-September/msg00056.html





>> Another problem with port 5000 in Fedora, and probably more recent
>> versions of RHEL, is the selinux policy:
>>
>> # sudo semanage port -l|grep 5000
>> ...
>> commplex_main_port_t tcp 5000
>> commplex_main_port_t udp 5000
>>
>> There is some service called "commplex" that has already "claimed" port
>> 5000 for its use, at least as far as selinux goes.





_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
