[DSE-User] SELinux on Wheezy: rsyslog

Arno Schuring aelschuring at hotmail.com
Sun Mar 4 13:31:18 UTC 2012


This one took a while to track down, because I wasn't getting any AVC
denials about it.

TCP port 2514 is used by rsyslog for Reliable Event Logging Protocol
remote logging. The default policy does not label this port as a syslog
port, so listening on this port fails. Modify corenetwork.te to label
this port correctly.

As you can't add portcon definitions in a policy module, I have marked
the port locally with
# semanage port -a -t syslogd_port_t -p tcp 2514


Regards,
Arno

-8<--
diff --git a/policy/modules/kernel/corenetwork.te b/policy/modules/kernel/corenetwork.te
index 4fbc5c6..6203aee 100644
--- a/policy/modules/kernel/corenetwork.te
+++ b/policy/modules/kernel/corenetwork.te
@@ -1377,6 +1377,7 @@ typeattribute syslogd_port_t reserved_port_type;
 typeattribute syslogd_port_t rpc_port_type;
 
 portcon udp 514 gen_context(system_u:object_r:syslogd_port_t,s0)
+portcon tcp 2514 gen_context(system_u:object_r:syslogd_port_t,s0)
 
 
 type tcs_port_t, port_type;
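Review bot: corenetwork.te is a build product generated from corenetwork.te.in, so the hand-added `portcon tcp 2514 gen_context(system_u:object_r:syslogd_port_t,s0)` line will be overwritten the next time the policy is built and should be dropped from the submitted patch; carry the change in corenetwork.te.in only. Worth spelling out in the submission as well: the surrounding context (`typeattribute syslogd_port_t reserved_port_type;`) shows the type is treated as a reserved port type, so once 2514/tcp carries syslogd_port_t it stops being a generic port, and any other domain that could previously bind 2514/tcp through the generic or unreserved port permissions will now need name_bind on syslogd_port_t.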
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index d6c51f5..22f0f95 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -205,6 +205,7 @@ network_port(ssh, tcp,22,s0)
 type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict
 network_port(swat, tcp,901,s0)
 network_port(syslogd, udp,514,s0)
+network_port(syslogd, tcp,2514,s0)
 network_port(tcs, tcp, 30003, s0)
 network_port(telnetd, tcp,23,s0)
 network_port(tftp, udp,69,s0)
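Review bot: the second `network_port(syslogd, tcp,2514,s0)` call redeclares syslogd_port_t, because each network_port invocation declares the `type <name>_port_t` for its name, so this will fail to build with a duplicate type declaration. The form used in this file for a type that covers several ports is a single call carrying all the protocol/port/level triples; replace the two syslogd lines with `network_port(syslogd, udp,514,s0, tcp,2514,s0)`. Separately, the patch only changes the label: it contains no allow rule granting the rsyslog domain TCP name_bind on syslogd_port_t, so please confirm the logging module already grants that (the UDP bind on 514 existing does not imply the TCP one), otherwise the listen on 2514 will still be denied after relabelling.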


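The check a practitioner would want before and after running the `semanage port -a` command from the post, as an added example that is not part of the original message or of the refpolicy/Debian code: resolve which port type a given port and protocol currently carry from a `semanage port -l` style listing, and only then print the semanage invocation that gives it the wanted type. The listing embedded below is constructed and abridged for offline use, the "most specific match wins" rule is an approximation for this check (the kernel's own portcon lookup is authoritative), and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: check what SELinux port type a
# port/protocol currently carries, then emit the semanage command that would
# give it the wanted type. Constructed, abridged listing in "semanage port -l"
# layout: type, protocol, comma-separated ports, ranges written low-high.
SAMPLE_PORTS='http_port_t                    tcp      80, 81, 443, 488, 8008, 8443
syslogd_port_t                 udp      514
ssh_port_t                     tcp      22
unreserved_port_t              tcp      1024-65535
unreserved_port_t              udp      1024-65535'

# port_label PROTO PORT [LISTING]: print the most specific type whose port list
# covers PORT on PROTO (a single port beats a range, a narrow range beats a wide
# one). Prints nothing when no row matches; the kernel then falls back to port_t.
port_label() {
    proto=$1; port=$2; listing=${3:-$SAMPLE_PORTS}
    printf '%s\n' "$listing" | awk -v proto="$proto" -v port="$port" '
        BEGIN { port = port + 0 }
        $2 != proto { next }
        {
            # Fields 3.. hold the port list; strip the trailing comma and test each.
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)
                if (p ~ /-/) { split(p, r, "-"); lo = r[1] + 0; hi = r[2] + 0 }
                else { lo = p + 0; hi = lo }
                if (port >= lo && port <= hi) {
                    w = hi - lo
                    if (best == "" || w < bestw) { best = $1; bestw = w }
                }
            }
        }
        END { if (best != "") print best }'
}

# fix_command PROTO PORT TYPE [LISTING]: print the semanage command that labels
# PORT/PROTO as TYPE, or nothing if it already has that type. A port covered only
# by a catch-all range (or by nothing) can be added with -a; a port already
# defined with another specific type must be changed with -m, since -a refuses
# to add a port that policy already defines.
fix_command() {
    proto=$1; port=$2; want=$3; listing=${4:-$SAMPLE_PORTS}
    have=$(port_label "$proto" "$port" "$listing")
    [ "$have" = "$want" ] && return 0
    case "$have" in
        ""|unreserved_port_t|reserved_port_t|hi_reserved_port_t)
            printf 'semanage port -a -t %s -p %s %s\n' "$want" "$proto" "$port" ;;
        *)
            printf 'semanage port -m -t %s -p %s %s\n' "$want" "$proto" "$port" ;;
    esac
}

# On the constructed listing 2514/tcp is covered only by the catch-all range,
# so the post's "-a" form is what comes out; 514/udp already has the type.
fix_command tcp 2514 syslogd_port_t
fix_command udp 514 syslogd_port_t

# Against a live system, pass the real listing (root is needed to apply it):
#   fix_command tcp 2514 syslogd_port_t "$(semanage port -l)"
```

The header line of real `semanage port -l` output is harmless here because its second field is not a protocol name. After applying the printed command, run `port_label` again on a fresh listing: the local definition should now resolve to syslogd_port_t, and if rsyslog still cannot listen the remaining problem is the rsyslog domain's TCP name_bind permission on that type, not the label.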

More information about the Selinux-user mailing list