Bug #30849

open

Cleanup DNS rules

Added by Lukas Zapletal over 3 years ago. Updated over 3 years ago.

Status: New
Priority: Normal
Category: General Foreman
Target version: -
Difficulty:
Triaged: Yes
Fixed in Releases:
Found in Releases:

Description

We allow bind of all ports while we should probably only allow high ports. This was allowed in #8030.


Related issues 1 (0 open, 1 closed)

Related to SELinux - Bug #8030: Permission denied - bind(2) on DNS lookup when creating a host (Closed, 10/22/2014)

#1

Updated by Lukas Zapletal over 3 years ago

  • Related to Bug #8030: Permission denied - bind(2) on DNS lookup when creating a host added

#2

Updated by Lukas Zapletal over 3 years ago

I think we still need those rules tho. This is in `dnsmasq.te`, a DNS server:

corenet_all_recvfrom_netlabel(dnsmasq_t)
corenet_tcp_sendrecv_generic_if(dnsmasq_t)
corenet_udp_sendrecv_generic_if(dnsmasq_t)
corenet_raw_sendrecv_generic_if(dnsmasq_t)
corenet_tcp_sendrecv_generic_node(dnsmasq_t)
corenet_udp_sendrecv_generic_node(dnsmasq_t)
corenet_raw_sendrecv_generic_node(dnsmasq_t)
corenet_tcp_sendrecv_all_ports(dnsmasq_t)
corenet_udp_sendrecv_all_ports(dnsmasq_t)
corenet_tcp_bind_generic_node(dnsmasq_t)
corenet_udp_bind_generic_node(dnsmasq_t)
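
The narrowing proposed in the description, sketched as an added example that is not taken from the Foreman policy or from this ticket. The domain name `example_app_t` is hypothetical, and the choice of UDP is an assumption based on the DNS lookup context of #8030; the `corenet_*` interfaces are reference policy interfaces.

```selinux
policy_module(example_dns_bind, 1.0.0)

# Hypothetical domain standing in for the confined application.
# It is not the type name used by the real policy.
type example_app_t;

# Broad form: name_bind on every port type, which includes the
# reserved ports below 1024.
#corenet_udp_bind_all_ports(example_app_t)

# Narrowed form: the socket may still bind to a local address (node),
# but name_bind is limited to unreserved (high) port types, which is
# what a resolver picking a random source port needs.
corenet_udp_bind_generic_node(example_app_t)
corenet_udp_bind_all_unreserved_ports(example_app_t)

# To check the result on a host with the module loaded, list the
# remaining name_bind rules for the domain (setools):
#   sesearch --allow -s example_app_t -c udp_socket -p name_bind
```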