You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Users of udica may be confused by the fact that allowing port 21 also means that ports 989 and 990 are allowed too, because from SELinux policy point of view they are labeled the same way: ftp_port_t.
Expected behavior
Documentation should contain a note about this behavior.
Additional context
Ephemeral ports (32768-61000) are allowed too unless the content of /proc/sys/net/ipv4/ip_local_port_range is changed.
The text was updated successfully, but these errors were encountered:
milosmalik
changed the title
allowing port 21 also means allowing ports 980 and 990
allowing port 21 also means allowing ports 989 and 990
Feb 25, 2019
Explain the implications of generating policy based on security labels
as opposed to filesystem paths, port numbers, etc.
containers#7
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Explain the implications of generating policy based on security labels
as opposed to filesystem paths, port numbers, etc.
containers#7
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Describe the bug
Users of udica may be confused by the fact that allowing port 21 also means that ports 989 and 990 are allowed too, because from SELinux policy point of view they are labeled the same way: ftp_port_t.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Documentation should contain a note about this behavior.
Additional context
Ephemeral ports (32768-61000) are allowed too unless the content of /proc/sys/net/ipv4/ip_local_port_range is changed.
The text was updated successfully, but these errors were encountered: