SELinux port type for MQTT protocol


IBhadelia

Apr 7, 2017, 3:38:55 AM
to rabbitmq-users

I would like to add the MQTT protocol as part of the SELinux security policy, but the following command gives me an error:

$ sudo semanage port -a -t mqtt_port_t -p tcp 1888
ERROR: ValueError: Type mqtt_port_t is invalid, must be a port type

Can you please guide me on which type exists in the policy for the MQTT protocol?

Thanks
Imran

Michael Klishin

Apr 7, 2017, 6:03:50 AM
to rabbitm...@googlegroups.com
MQTT should be no different from any other TCP-based protocol, just the port is different.

I don't know if you may be overriding the port but MQTT known ports are 1883 and 8883.

--
Staff Software Engineer, Pivotal/RabbitMQ

IBhadelia

Apr 7, 2017, 6:19:30 AM
to rabbitmq-users
True. It says permission denied, so I am under the impression that someone else is using that port. Here is the log that I got:

Failed to start Ranch listener {acceptor,{0,0,0,0,0,0,0,0},1883} in ranch_tcp:listen([{port,1883},{ip,{0,0,0,0,0,0,0,0}},inet6,{backlog,128},{nodelay,true}]) for reason eacces (permission denied)

FYI.
- My os is RHEL 7
- RabbitMQ 3.6.9
- Added port into SELinux (using semanage command)

My other observation is that if I start the rabbit service using sudo rabbitmq-server it gets started, but when I try to run it as a service using sudo systemctl start rabbitmq-server.service it fails.

Michael Klishin

Apr 7, 2017, 8:08:14 AM
to rabbitm...@googlegroups.com
EACCES does mean that binding to a socket was rejected due to insufficient
permissions. However, whitelisting a port with SELinux is no different for MQTT
from any other TCP-based protocol.

--
MK

Staff Software Engineer, Pivotal/RabbitMQ