2008-10-06 23:49:08

by Russell Coker

[permalink] [raw]
Subject: [refpolicy] ipmi port

network_port(ipmi, udp,623,s0, udp,664,s0)

I suggest that we have port labelling such as the above for the IPMI ports (it
seems that the most commonly used IPMI port is 623 while port 664 is also
used). While the potential for security benefits are minimal (the OS can't
usefully run a server for the IPMI protocol).

http://etbe.coker.com.au/2008/10/07/rpc-and-se-linux/

I've written about the issue at the above URL.

--
russell at coker.com.au
http://etbe.coker.com.au/ My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development


2008-11-06 15:06:45

by cpebenito

[permalink] [raw]
Subject: [refpolicy] ipmi port

On Tue, 2008-10-07 at 09:49 +1000, Russell Coker wrote:
> network_port(ipmi, udp,623,s0, udp,664,s0)
>
> I suggest that we have port labelling such as the above for the IPMI ports (it
> seems that the most commonly used IPMI port is 623 while port 664 is also
> used). While the potential for security benefits are minimal (the OS can't
> usefully run a server for the IPMI protocol).
>
> http://etbe.coker.com.au/2008/10/07/rpc-and-se-linux/
>
> I've written about the issue at the above URL.

Merged.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150