aboutgitcodebugslistschat
path: root/contrib/selinux/passt.if
diff options
context:
space:
mode:
authorStefano Brivio <sbrivio@redhat.com>2023-03-06 23:05:36 +0000
committerStefano Brivio <sbrivio@redhat.com>2023-03-09 00:36:08 +0100
commitde9b0cb5fee2ea00ed7e7877ef9be8c446bca134 (patch)
tree92e563257bd3d19844fbf9938db7ff66505a29d0 /contrib/selinux/passt.if
parent41bc669866b9e408d8d4966ee06e01784949b98d (diff)
downloadpasst-de9b0cb5fee2ea00ed7e7877ef9be8c446bca134.tar
passt-de9b0cb5fee2ea00ed7e7877ef9be8c446bca134.tar.gz
passt-de9b0cb5fee2ea00ed7e7877ef9be8c446bca134.tar.bz2
passt-de9b0cb5fee2ea00ed7e7877ef9be8c446bca134.tar.lz
passt-de9b0cb5fee2ea00ed7e7877ef9be8c446bca134.tar.xz
passt-de9b0cb5fee2ea00ed7e7877ef9be8c446bca134.tar.zst
passt-de9b0cb5fee2ea00ed7e7877ef9be8c446bca134.zip
contrib/selinux: Allow binding and connecting to all UDP and TCP ports
Laine reports that with a simple: <portForward proto='tcp'> <range start='2022' to='22'/> </portForward> in libvirt's domain XML, passt won't start as it fails to bind arbitrary ports. That was actually the intention behind passt_port_t: the user or system administrator should have explicitly configured allowed ports on a given machine. But it's probably not realistic, so just allow any port to be bound and forwarded. Also fix up some missing operations on sockets. Reported-by: Laine Stump <laine@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Tested-by: Laine Stump <laine@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Diffstat (limited to 'contrib/selinux/passt.if')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-10 19:22:32 +0000