From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Thu, 06 Nov 2008 10:06:45 -0500 Subject: [refpolicy] ipmi port In-Reply-To: <200810071049.11443.russell@coker.com.au> References: <200810071049.11443.russell@coker.com.au> Message-ID: <1225984005.12285.10.camel@gorn.columbia.tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Tue, 2008-10-07 at 09:49 +1000, Russell Coker wrote: > network_port(ipmi, udp,623,s0, udp,664,s0) > > I suggest that we have port labelling such as the above for the IPMI ports (it > seems that the most commonly used IPMI port is 623 while port 664 is also > used). While the potential for security benefits are minimal (the OS can't > usefully run a server for the IPMI protocol). > > http://etbe.coker.com.au/2008/10/07/rpc-and-se-linux/ > > I've written about the issue at the above URL. Merged. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150