Message ID | 20220527180451.302448-1-dominick.grift@defensec.nl (mailing list archive)
---|---
State | Accepted
Delegated to: | Paul Moore
Series | [v2] network_support.md: clarify local port range and name_bind
On Fri, May 27, 2022 at 2:05 PM Dominick Grift <dominick.grift@defensec.nl> wrote:
>
> Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
> ---
> v2: rephrases the whole thing
>
> src/network_support.md | 8 ++++++++
> 1 file changed, 8 insertions(+)

Tomorrow came very quickly :)

Merged, thanks Dominick.
diff --git a/src/network_support.md b/src/network_support.md index bec725e..a8fe234 100644 --- a/src/network_support.md +++ b/src/network_support.md @@ -668,6 +668,14 @@ statements): semanage port -a -t my_server_port_t -p tcp -r s0 12345 ``` +Only ports that fall outside the local, or ephemeral, port range are +subject to the additional *name_bind* access check. You can see the +current ephemeral port range on your system by checking the +*net.ipv4.ip_local_port_range* sysctl: +``` +sysctl net.ipv4.ip_local_port_range +``` + ## Labeled Network FileSystem (NFS) Version 4.2 of NFS supports labeling between client/server and requires
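Review bot: The new paragraph would be clearer if it tied back to the `semanage port -a -t my_server_port_t -p tcp -r s0 12345` example that sits directly above it: binding port 12345 is only subject to the *name_bind* check against my_server_port_t when 12345 lies outside the range printed by `sysctl net.ipv4.ip_local_port_range`. A reader who follows the semanage example with a port inside the ephemeral range will see no *name_bind* denial and may wrongly conclude that the port labeling has no effect, so a sentence along the lines of "If the port you label falls inside this range, no *name_bind* check is performed for it" would close that gap. The untagged code fence matches the existing fence style in this file, so no change is needed there.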
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
---
v2: rephrases the whole thing

src/network_support.md | 8 ++++++++
1 file changed, 8 insertions(+)