[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: package review?



Paul Howarth wrote:
> However, the big problem with using semanage in scriptlets is that
> future versions of packages have to remember and be able to cope with
> anything that had ever been added using semanage in any previous version
> of the package. If file contexts or port numbers change over time, this
> could be a major hassle. Being able to do it in a policy module would be
> *much* better because the version numbering inherent in the modules
> would take care of updating and removing old rules.
> 
> There would also be the problem of what do do when someone manually
> added another port of type crossfire_port_t outside of rpm.


This could be mollified if semanage could remove all port settings based
on the type[+protocol]:

Add the ports:
semanage port -a -t crossfire_port_t -p tcp 13327
semanage port -a -t crossfire_port_t -p udp 13328

To remove tcp ports:
semanage port -d -t crossfire_port_t -p tcp

To remove all port settings:
semanage port -d -t crossfire_port_t

--Mike

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]