Description of problem:
A port should be added to the SELinux policy for rsyslog's RELP protocol. There is no official default, but 20514 is the most common.

Version-Release number of selected component (if applicable):
I've been told by RH staff to create a bug for that so that it ends up in RHEL.
Yes, I do agree with that. Another common port is 10514 for TLS connections; do we have policy for it?
It looks like 6514 is the port for TLS connections in the policy (RHEL7):

# semanage port -l | grep sysl
syslog_tls_port_t              tcp      6514
syslog_tls_port_t              udp      6514
syslogd_port_t                 tcp      601
syslogd_port_t                 udp      514, 601
Upstream uses both of these ports in tutorials on its website:

http://www.rsyslog.com/doc/v8-stable/configuration/modules/imrelp.html
http://www.rsyslog.com/doc/v8-stable/tutorials/tls.html

I suggest adding 10514 and 20514 to the Fedora selinux-policy.
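Added example (not part of any comment in this report, and not code from the selinux-policy project): a small shell check that reads `semanage port -l` style output and lists which of the ports discussed above have no SELinux port type. The function names are hypothetical, and the sample listing is constructed from the four lines quoted in the earlier comment.

```shell
#!/bin/sh
# Constructed sample: the listing quoted in the thread (RHEL 7).
sample_listing() {
cat <<'EOF'
syslog_tls_port_t              tcp      6514
syslog_tls_port_t              udp      6514
syslogd_port_t                 tcp      601
syslogd_port_t                 udp      514, 601
EOF
}

# port_types PROTO PORT   (listing on stdin)
# Prints every port type whose port list contains PORT, one per line.
port_types() {
    awk -v proto="$1" -v port="$2" '
    $2 == proto {
        # Fields 3..NF hold the ports: "514, 601" or a range "5000-5010".
        for (i = 3; i <= NF; i++) {
            p = $i; sub(/,$/, "", p)
            n = split(p, r, "-")
            lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
        }
    }'
}

# unlabeled_ports PROTO PORT...   (listing on stdin)
# Prints, space separated, the given ports that no type in the listing covers.
unlabeled_ports() {
    listing=$(cat); proto=$1; shift
    out=""
    for port in "$@"; do
        if [ -z "$(printf '%s\n' "$listing" | port_types "$proto" "$port")" ]; then
            out="$out${out:+ }$port"
        fi
    done
    printf '%s\n' "$out"
}

# On a live system, pipe in `semanage port -l` instead of sample_listing.
sample_listing | unlabeled_ports tcp 6514 10514 20514
```

Until a policy build with the new labels is installed, a port reported here can be labelled locally with `semanage port -a -t <type> -p tcp <port>`, where `<type>` is the port type that matches the listener.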
+1
Fixed. Issue will be fixed in the next selinux-policy build. Moving to POST.
Is there any chance this will eventually make it into RHEL 7?
Thanks!
This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle. Changing version to '26'.
selinux-policy-3.13.1-251.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36794dd98
selinux-policy-3.13.1-251.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36794dd98
selinux-policy-3.13.1-251.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.