914853 – Please make port 9150 tor_socks_port_t

Bug 914853 - Please make port 9150 tor_socks_port_t

Summary: Please make port 9150 tor_socks_port_t

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	18
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	915049
TreeView+	depends on / blocked

Reported:	2013-02-23 00:48 UTC by Jamie Nguyen
Modified:	2013-04-11 23:35 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2013-04-11 23:34:58 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Jamie Nguyen 2013-02-23 00:48:45 UTC

The new Tor Browser Bundle and Torbutton default to 9150 as the Tor SOCKSPort, so could this please be added to default selinux policy? The current workaround is: semanage port -a -t tor_socks_port_t -p tcp 9150

Package versions:
selinux-policy-targeted-3.11.1-78.fc18

Comment 1 Daniel Walsh 2013-02-24 17:21:54 UTC

I have checked a fix for this into rawhide.  e66a03a0774a527938f3b23e9a86c61f74570134

Comment 2 Jamie Nguyen 2013-02-24 17:24:07 UTC

Excellent, thanks very much Dan. Just wondering, will F18 and F17 see this change too?

Comment 3 Miroslav Grepl 2013-02-25 14:20:58 UTC

I see we have in the policy

tor_socks_port_t               tcp      9050

Comment 4 Jamie Nguyen 2013-02-25 21:40:07 UTC

> I see we have in the policy
>
> tor_socks_port_t               tcp      9050


Yes. I am proposing that both 9050 and 9150 are tor_socks_port_t, as both can reasonably be expected for use as Tor SOCKSPorts.

Comment 5 Miroslav Grepl 2013-02-26 08:52:50 UTC

Ah, you are talking about 9150.

Comment 6 Jamie Nguyen 2013-03-14 22:14:17 UTC

Just wanted to query again about if/when this might find it's way into F18? I appreciate that there may be some kind of staging period in rawhide, but I'd really like to see this isolated 2-line change on F18:


--- a/policy-f18-base.patch
+++ b/policy-f18-base.patch
@@ -96491,7 +96491,7 @@
 +
 +
 +Default Defined Ports:
-+tcp 9050
++tcp 9050,9150
 +.EE
 +.SH "MANAGED FILES"
 +
@@ -114722,7 +114722,7 @@
  network_port(tftp, udp,69,s0)
 -network_port(tor, tcp, 6969, s0, tcp,9001,s0, tcp,9030,s0, tcp,9050,s0, tcp,9051,s0)
 +network_port(tor, tcp, 6969, s0, tcp,9001,s0, tcp,9030,s0, tcp,9051,s0)
-+network_port(tor_socks, tcp,9050,s0)
++network_port(tor_socks, tcp,9050,s0, tcp,9150,s0)
  network_port(traceroute, udp,64000-64010,s0)
 +network_port(tram, tcp, 4567, s0)
  network_port(transproxy, tcp,8081,s0)

Comment 10 Miroslav Grepl 2013-03-20 07:07:54 UTC

Patch added.

commit 6e4575c899a0ab4bc6f7ee29567278e1b1398887
Author: Miroslav Grepl <mgrepl>
Date:   Wed Mar 20 08:07:36 2013 +0100

    Add tcp/9150 as tor_socks_port

Comment 11 Jamie Nguyen 2013-03-20 18:26:29 UTC

Great, thanks very much Miroslav :)

Comment 12 Fedora Update System 2013-03-21 18:25:59 UTC

selinux-policy-3.11.1-87.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-87.fc18

Comment 13 Fedora Update System 2013-03-22 21:13:01 UTC

Package selinux-policy-3.11.1-87.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-87.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-4251/selinux-policy-3.11.1-87.fc18
then log in and leave karma (feedback).

Comment 14 Fedora Update System 2013-04-11 23:35:00 UTC

selinux-policy-3.11.1-87.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.