From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 06 Nov 2008 10:06:45 -0500
Subject: [refpolicy] ipmi port
In-Reply-To: <200810071049.11443.russell@coker.com.au>
References: <200810071049.11443.russell@coker.com.au>
Message-ID: <1225984005.12285.10.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2008-10-07 at 09:49 +1000, Russell Coker wrote:
> network_port(ipmi, udp,623,s0, udp,664,s0)
> 
> I suggest that we have port labelling such as the above for the IPMI ports (it 
> seems that the most commonly used IPMI port is 623 while port 664 is also 
> used).  While the potential for security benefits are minimal (the OS can't 
> usefully run a server for the IPMI protocol).
> 
> http://etbe.coker.com.au/2008/10/07/rpc-and-se-linux/
> 
> I've written about the issue at the above URL.

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150