Bug 1410505 - RELP port for rsyslog
Summary: RELP port for rsyslog
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 26
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1411400
TreeView+ depends on / blocked
 
Reported: 2017-01-05 15:55 UTC by Ugo Bellavance
Modified: 2017-05-09 21:21 UTC (History)
8 users (show)

Fixed In Version: selinux-policy-3.13.1-251.fc26
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1411400 (view as bug list)
Environment:
Last Closed: 2017-05-09 21:21:12 UTC
Type: Bug


Attachments (Terms of Use)

Description Ugo Bellavance 2017-01-05 15:55:35 UTC
Description of problem: a port should be added to the SELinux policy for rsyslog's RELP protocol.  There is no official default but 20514 is the most common.


Version-Release number of selected component (if applicable):

I've been told by RH staff to create a bug for that so that it ends up in RHEL.

Comment 2 Radovan Sroka 2017-01-09 12:03:43 UTC
Yes I do agree with that. Another common port is 10514 for tls connections, do we have policy for it?

Comment 3 Ugo Bellavance 2017-01-09 12:23:25 UTC
It looks like 6514 is the port for TLS connections in the policy (RHEL7):

# semanage port -l | grep sysl
syslog_tls_port_t              tcp      6514
syslog_tls_port_t              udp      6514
syslogd_port_t                 tcp      601
syslogd_port_t                 udp      514, 601

Comment 4 Radovan Sroka 2017-01-09 14:19:23 UTC
Upstream uses both of these ports in tutorials on its web

http://www.rsyslog.com/doc/v8-stable/configuration/modules/imrelp.html
http://www.rsyslog.com/doc/v8-stable/tutorials/tls.html

I suggest add 10514 and 20514 into fedora selinux-policy.

Comment 5 Ugo Bellavance 2017-01-09 14:20:57 UTC
+1

Comment 6 Lukas Vrabec 2017-01-09 15:38:32 UTC
Fixed. Issue will be fixed in next selinux-policy build.
Moving to POST

Comment 7 Ugo Bellavance 2017-01-09 15:39:23 UTC
I there any chance this will eventually make it in RHEL 7?

Comment 8 Ugo Bellavance 2017-01-09 15:51:13 UTC
Thanks!

Comment 9 Fedora End Of Life 2017-02-28 10:53:11 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle.
Changing version to '26'.

Comment 10 Fedora Update System 2017-04-19 20:38:33 UTC
selinux-policy-3.13.1-251.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36794dd98

Comment 11 Fedora Update System 2017-04-20 20:23:23 UTC
selinux-policy-3.13.1-251.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-f36794dd98

Comment 12 Fedora Update System 2017-05-09 21:21:12 UTC
selinux-policy-3.13.1-251.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.