diff options
author | Stefano Brivio <sbrivio@redhat.com> | 2023-03-06 23:05:36 +0000 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2023-03-09 00:36:08 +0100 |
commit | de9b0cb5fee2ea00ed7e7877ef9be8c446bca134 (patch) | |
tree | 92e563257bd3d19844fbf9938db7ff66505a29d0 /netlink.c | |
parent | 41bc669866b9e408d8d4966ee06e01784949b98d (diff) | |
download | passt-de9b0cb5fee2ea00ed7e7877ef9be8c446bca134.tar passt-de9b0cb5fee2ea00ed7e7877ef9be8c446bca134.tar.gz passt-de9b0cb5fee2ea00ed7e7877ef9be8c446bca134.tar.bz2 passt-de9b0cb5fee2ea00ed7e7877ef9be8c446bca134.tar.lz passt-de9b0cb5fee2ea00ed7e7877ef9be8c446bca134.tar.xz passt-de9b0cb5fee2ea00ed7e7877ef9be8c446bca134.tar.zst passt-de9b0cb5fee2ea00ed7e7877ef9be8c446bca134.zip |
contrib/selinux: Allow binding and connecting to all UDP and TCP ports
Laine reports that with a simple:
<portForward proto='tcp'>
<range start='2022' to='22'/>
</portForward>
in libvirt's domain XML, passt won't start as it fails to bind
arbitrary ports. That was actually the intention behind passt_port_t:
the user or system administrator should have explicitly configured
allowed ports on a given machine. But it's probably not realistic, so
just allow any port to be bound and forwarded.
Also fix up some missing operations on sockets.
Reported-by: Laine Stump <laine@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Tested-by: Laine Stump <laine@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
Diffstat (limited to 'netlink.c')
0 files changed, 0 insertions, 0 deletions