Re: Removing semanage-added rules (Was: only allow 1 port for listening)
- From: Jason L Tibbitts III <tibbs math uh edu>
- To: Forrest Taylor <ftaylor redhat com>
- Cc: "fedora-selinux-list redhat com" <fedora-selinux-list redhat com>
- Subject: Re: Removing semanage-added rules (Was: only allow 1 port for listening)
- Date: 08 Aug 2007 13:45:48 -0500
>>>>> "FT" == Forrest Taylor <ftaylor redhat com> writes:
FT> Do a -l to list it, and use grep to match your rule ;o)
I was trying to see if an fcontext pattern actually matched any files
in the filesystem. Actually I'd like to know something more specific:
if it actually has any effect. It could be covered by another rule.
An example: I see an AVC denial on one file, add a rule to change the
context on that file and realize later that I need a rule matching the
whole directory. A week later and I'm cleaning up; can I really
delete that first rule? There are a whole lot of fcontext rules; how
do I know it really doesn't have any effect?
- J<