Coturn with SELinux?

[Fabian Bernhard]

Dear list,

We are trying to configure SELinux to allow us to bind Coturn to port 80 (or any other port). We run Centos 6.6. 

Do you know how to configure SELinux for STUN/TURN?

Thank you and kind regards,

Fabian

[Yuri Levin]

even with selinux set to permissive i was not able to bind port 80
the only way i was able to do it is running the turnserver as root with "--ne=2" option

[Oleg Moskalenko]

On Sunday, February 8, 2015 at 3:55:02 AM UTC-8, Yuri Levin wrote:

even with selinux set to permissive i was not able to bind port 80
the only way i was able to do it is running the turnserver as root with "--ne=2" option

No, you must not use --ne=2. If you have to use --ne=2 then it only means that you are running an older Linux kernel (like, CentOS 6.4). Then you have to compile the TURN server manually for your older kernel.

I just tested the TURN server with SELinux, on CentOS 6.6. Actually, SELinux does not affect the TURN server functionality, at all. The only thing that you have to do is to run the TURN server as root, to be able to use the port 80; but that would be the case on any Linux, SELinux or not.

Oleg

[Fabian Bernhard]

Hi Oleg and Yuri,

I just tested the TURN server with SELinux, on CentOS 6.6. Actually, SELinux does not affect the TURN server functionality, at all. The only thing that you have to do is to run the TURN server as root, to be able to use the port 80; but that would be the case on any Linux, SELinux or not.

 

I was able to bind to port 80 as user turnserver with the following command, on CentOS 7.2:

sudo setcap 'cap_net_bind_service=+ep' /usr/bin/turnserver