I have a Centos VM running with SELinux enabled. I wish to have sshd listen to another port --- say, 993. I've modified the sshd_config file to listen to another port, but SELinux is getting in the way. I don't want to disable SELinux. How do I tell SELinux that it's okay for sshd to be reading TCP connections on port 993?
The correct command to use is semanage port -a -t ssh_port_t -p tcp 993
but I cannot use that command because port 993 is already in use in another policy:
[centos@timedb ~]$ semanage port -a -t ssh_port_t -p tcp 993
ValueError: SELinux policy is not managed or store cannot be accessed.
[centos@timedb ~]$
But I cannot delete that port in the policy because it is part of the base policy:
[centos@timedb ~]$ sudo semanage port -l|grep 993
pop_port_t tcp 106, 109, 110, 143, 220, 993, 995, 1109, 10993
[centos@timedb ~]$ sudo semanage port -d -t pop_port_t -p tcp 993
ValueError: Port tcp/993 is defined in policy, cannot be deleted
[centos@timedb ~]$
I need to use a port that is already defined because I am upstream from a middlebox that only allows connections on ports allocated to specified services, and port 22 is blocked.
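As an added example (not part of the question above), this shell function parses the `semanage port -l` listing format shown in the question to report which SELinux port type already covers a given port, expanding ranges such as 1024-32767; the listing it reads is a constructed sample modelled on the pop_port_t line, so it runs offline and without root.

```shell
#!/bin/sh
# Added example: find the SELinux port type that already owns a port,
# using the same column layout as `semanage port -l` (type, proto, ports).
# SAMPLE_PORT_LIST is constructed for this example; on a live host the
# same parser can read the real output of `sudo semanage port -l`.
SAMPLE_PORT_LIST='ssh_port_t                     tcp      22
pop_port_t                     tcp      106, 109, 110, 143, 220, 993, 995, 1109, 10993
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
unreserved_port_t              tcp      1024-32767, 61001-65535'

# port_owner PROTO PORT
# Prints the port type(s) whose list covers PORT for PROTO (tcp/udp),
# expanding "lo-hi" ranges; prints nothing when the port is unlabelled.
port_owner() {
    proto=$1
    port=$2
    printf '%s\n' "$SAMPLE_PORT_LIST" | awk -v proto="$proto" -v port="$port" '
        $2 != proto { next }
        {
            for (i = 3; i <= NF; i++) {
                tok = $i
                sub(/,$/, "", tok)              # strip trailing comma
                n = split(tok, r, "-")          # single port or lo-hi range
                lo = r[1]
                hi = (n == 2) ? r[2] : r[1]
                if (port + 0 >= lo + 0 && port + 0 <= hi + 0) {
                    print $1
                    break
                }
            }
        }'
}

# Example from the question: 993/tcp is already labelled pop_port_t,
# which is why `semanage port -a -t ssh_port_t -p tcp 993` is refused.
port_owner tcp 993
```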