<html>
<head>
<meta content="text/html; charset=gbk" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 07/16/2014 10:40 PM, Joe Jiang
wrote:<br>
</div>
<blockquote
cite="mid:5568f737.6e0b.147429edafc.Coremail.ifzing@126.com"
type="cite">
<div
style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial">
<div>Hi all,</div>
<div><span style="line-height: 1.7;">Thanks for your responses.</span></div>
<div><br>
</div>
<div>I tried running <span style="font-family: arial;
white-space: pre-wrap; line-height: 1.7;"># sudo semanage
port -l|grep 5000 in my environment and got the same information.</span></div>
<div><span style="font-family: arial; white-space: pre-wrap;
line-height: 1.7;">>> ...</span></div>
<div><span style="font-family: arial; white-space: pre-wrap;
line-height: 1.7;">>> commplex_main_port_t tcp 5000</span></div>
<div><span style="font-family: arial; white-space: pre-wrap;
line-height: 1.7;">>> commplex_main_port_t udp 5000</span></div>
<div><font face="arial"><span style="white-space: pre-wrap;">Then
I want to remove this port (5000) from the SELinux policy rules
list using this command (semanage port -d -p tcp -t
commplex_port_t 5000),</span></font></div>
<div><font face="arial"><span style="white-space: pre-wrap;">the
console output is "/usr/sbin/semanage: Port tcp/5000 is
defined in policy, cannot be deleted"</span></font><span
style="white-space: pre-wrap; font-family: arial;
line-height: 1.7;">, and 'udp/5000' gets the same </span><font
face="arial"><span style="white-space: pre-wrap;">reply.</span></font></div>
<div><font face="arial"><span style="white-space: pre-wrap;">Some
sources[1] say this port is declared in the corenetwork
source policy which is </span></font><span
style="font-family: arial; white-space: pre-wrap;
line-height: normal;">compiled in the base module.</span></div>
<div><span style="font-family: arial; line-height: normal;
white-space: pre-wrap;">So, do I have to recompile the SELinux
module?</span></div>
</div>
</blockquote>
<br>
I think that's the only way to do it if you want to relabel port
5000.<br>
<br>
<br>
<blockquote
cite="mid:5568f737.6e0b.147429edafc.Coremail.ifzing@126.com"
type="cite">
<div
style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial">
<div><span style="font-family: arial; line-height: normal;
white-space: pre-wrap;"><br>
</span></div>
<div><br>
</div>
<div><font face="arial"><span style="white-space: pre-wrap;">Thanks.</span></font></div>
<div><font face="arial"><span style="white-space: pre-wrap;">
Joe.</span></font></div>
<div><font face="arial"><span style="white-space: pre-wrap;"><br>
</span></font></div>
<div><font face="arial"><span style="white-space: pre-wrap;">[1]</span></font></div>
<div><font face="arial"><span style="white-space: pre-wrap;"><a class="moz-txt-link-freetext" href="http://www.redhat.com/archives/fedora-selinux-list/2009-September/msg00056.html">http://www.redhat.com/archives/fedora-selinux-list/2009-September/msg00056.html</a></span></font></div>
<br>
<br>
<br>
<br>
<pre>
>> Another problem with port 5000 in Fedora, and probably more recent
>> versions of RHEL, is the selinux policy:
>>
>> # sudo semanage port -l|grep 5000
>> ...
>> commplex_main_port_t tcp 5000
>> commplex_main_port_t udp 5000
>>
>> There is some service called "commplex" that has already "claimed" port
>> 5000 for its use, at least as far as selinux goes.
</pre>
</div>
<br>
<br>
</blockquote>
<br>
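Added example, not part of the original messages: the `semanage port -l|grep 5000` check quoted above also matches ports such as 15000 and misses ranges that contain 5000, so this POSIX shell function reads the listing on stdin and prints every port type that covers one exact port. The sample listing is constructed, and `port_owner`, `sample_listing` and the `example_*` type names are hypothetical.<br>
<pre>
```shell
#!/bin/sh
# port_owner PORT PROTO
# Reads `semanage port -l` style output on stdin and prints each SELinux
# port type whose definition covers PROTO/PORT, as a single port or a range.
# Real use (assumes semanage is installed):
#   sudo semanage port -l | port_owner 5000 tcp
port_owner() {
    want=$1
    proto=$2
    while read -r ptype p ports; do
        # Skip the header, blank lines and the other protocol.
        [ "$p" = "$proto" ] || continue
        # The port column is a comma-separated list of ports and ranges.
        for spec in $(printf '%s' "$ports" | tr ',' ' '); do
            lo=${spec%-*}   # "4990-5010" gives 4990; "5000" stays 5000
            hi=${spec#*-}   # "4990-5010" gives 5010; "5000" stays 5000
            if [ "$want" -ge "$lo" ]; then
                if [ "$want" -le "$hi" ]; then
                    printf '%s\n' "$ptype"
                    break
                fi
            fi
        done
    done
}

# Constructed sample in the column layout of `semanage port -l`.
# Only the two commplex_main_port_t rows come from the thread; the
# example_* rows are hypothetical and exist to exercise ranges and lists.
sample_listing() {
    printf '%s\n' \
        'SELinux Port Type              Proto    Port Number' \
        '' \
        'commplex_main_port_t           tcp      5000' \
        'commplex_main_port_t           udp      5000' \
        'example_range_port_t           tcp      4990-5010' \
        'example_list_port_t            tcp      80, 15000, 50000-50010'
}

# Demo on the constructed listing: every type covering tcp/5000.
sample_listing | port_owner 5000 tcp
```
</pre>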
</body>
</html>