First Last Prev Next    This bug is not in your last search results.
Bug 986127 - selinux is blocking sshd from running on a different port
selinux is blocking sshd from running on a different port
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
19
x86_64 Unspecified
unspecified Severity low
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-18 23:01 EDT by Brendan Hoffmann
Modified: 2013-07-19 06:41 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-19 06:41:59 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Brendan Hoffmann 2013-07-18 23:01:10 EDT 
Description of problem:

The fedora 19 guest currently has selinux disabled.  When I add another port directive to the sshd config and restart the service I dont see the new added port listed when I check for it in lsof.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER


Version-Release number of selected component (if applicable):

openssh-server-6.2p2-3.fc19.i686
selinux-policy-3.12.1-63.fc19.noarch

How reproducible:

Very

Steps to Reproduce:
1. Make sure selinux is disabled
2. Add a "Port" directive to sshd_config
3. Restart SSH

Actual results:

You will not see the new port bound by SSH in netstat or lsof.  ('lsof -Pni')  

Expected results:

The port should be bound and not deterred by selinux as it is disabled.

Additional info:

Running the semanage command as shown in the sshd_config will allow the port to be used and be connected to.
Comment 1 Petr Lautrbach 2013-07-19 03:23:42 EDT 
If you have SELinux disabled then you don't need to run semanage. 

It works for me. Can you see something in /var/log/secure? Could you please paste an output of:

# sestatus

# /usr/sbin/sshd -T | grep port
Comment 2 Daniel Walsh 2013-07-19 06:41:59 EDT 
If SELinux is disabled then this is not an SELinux bug.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.