package review?

Michael Thomas wart at kobold.org
Tue Jul 25 23:07:30 UTC 2006


Paul Howarth wrote:
> However, the big problem with using semanage in scriptlets is that
> future versions of packages have to remember and be able to cope with
> anything that had ever been added using semanage in any previous version
> of the package. If file contexts or port numbers change over time, this
> could be a major hassle. Being able to do it in a policy module would be
> *much* better because the version numbering inherent in the modules
> would take care of updating and removing old rules.
> 
> There would also be the problem of what to do when someone manually
> added another port of type crossfire_port_t outside of rpm.


This could be mollified if semanage could remove all port settings based
on the type[+protocol]:

Add the ports:
semanage port -a -t crossfire_port_t -p tcp 13327
semanage port -a -t crossfire_port_t -p udp 13328

To remove tcp ports:
semanage port -d -t crossfire_port_t -p tcp

To remove all port settings:
semanage port -d -t crossfire_port_t

--Mike
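
Added example, not part of the original message: until semanage can delete by type[+protocol] as proposed above, a scriptlet has to enumerate the ports of that type and delete them one at a time. The sketch below generates those per-port commands from a `semanage port -l` style listing; the function names, the assumed listing layout and the sample data (including the 13400-13410 range) are constructed for illustration.

```shell
#!/bin/sh
# Emulate "remove all ports of a type[+protocol]" by generating one
# per-port delete command from a `semanage port -l` listing on stdin.
# Assumption: listing rows look like "<type> <proto> <port>[, <port>...]".

# gen_port_deletes TYPE [PROTO] < listing
# Prints one "semanage port -d ..." command per matching port or range.
gen_port_deletes() {
    want_type=$1
    want_proto=${2:-}
    awk -v t="$want_type" -v p="$want_proto" '
        $1 == t && (p == "" || $2 == p) {
            proto = $2
            for (i = 3; i <= NF; i++) {
                port = $i
                gsub(/,/, "", port)
                # Accept only a single port or a low-high range.
                if (port ~ /^[0-9]+(-[0-9]+)?$/)
                    printf "semanage port -d -t %s -p %s %s\n", t, proto, port
            }
        }'
}

# Constructed sample listing (not captured from a real system).
sample_listing() {
    cat <<'EOF'
SELinux Port Type              Proto    Port Number

crossfire_port_t               tcp      13327, 13400-13410
crossfire_port_t               udp      13328
http_port_t                    tcp      80, 443
EOF
}

# Dry run: print the commands an uninstall scriptlet would have to execute.
if [ "${1:-}" = "--demo" ]; then
    sample_listing | gen_port_deletes crossfire_port_t
fi
```

Because the commands are generated from whatever is currently labelled with the type, a port an administrator added by hand outside of rpm is removed along with the package's own ports.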