I am trying to compromise my application (myapp) to use limited ports.
For that, I have decided to assign the httpd_t type to myapp. So, myapp could use only http_port_t typed ports, and I could manually add or remove ports to the http_port_t domain.
SELinux prefers to use http_port_t ports for httpd_t domain processes, but it is not enforcing it. So, I am also able to use unserved ports too. How do I make it an enforcing one?
Also, I have socket applications in the bin_t domain. These too have access to http_port_t typed ports. But I don't want them to access http_port_t ports.
What am I missing? Guys, please suggest some ways to achieve this.