package review?

Daniel J Walsh dwalsh at redhat.com
Wed Jul 26 14:53:23 UTC 2006


Michael Thomas wrote:
> Paul Howarth wrote:
>   
>> However, the big problem with using semanage in scriptlets is that
>> future versions of packages have to remember and be able to cope with
>> anything that had ever been added using semanage in any previous version
>> of the package. If file contexts or port numbers change over time, this
>> could be a major hassle. Being able to do it in a policy module would be
>> *much* better because the version numbering inherent in the modules
>> would take care of updating and removing old rules.
>>
>> There would also be the problem of what to do when someone manually
>> added another port of type crossfire_port_t outside of rpm.
>>     
>
>
> This could be mollified if semanage could remove all port settings based
> on the type[+protocol]:
>
>   
Yes, sounds like a nice enhancement for this situation.  One problem is
that we cannot remove ports that are defined in the base policy.

    semanage port -d -p tcp 540
    /usr/sbin/semanage: Port tcp/540 is defined in policy, cannot be deleted

But having a command that said

    semanage port -d -p tcp -t crossfire_port_t

would be nice.  Patches accepted.  :^)


> Add the ports:
> semanage port -a -t crossfire_port_t -p tcp 13327
> semanage port -a -t crossfire_port_t -p udp 13328
>
> To remove tcp ports:
> semanage port -d -t crossfire_port_t -p tcp
>
> To remove all port settings:
> semanage port -d -t crossfire_port_t
>
> --Mike
>   
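Added example, not part of the original message or of semanage itself: until a delete-by-type option exists, the same effect can be had by turning a port listing into the per-port delete commands shown in the thread. The helper name gen_port_deletes and the sample listing are constructed for illustration; the commented real-use line assumes a semanage that supports -C (list local customizations only), which keeps base-policy ports out of the list since those cannot be deleted.

```shell
#!/bin/sh
# Added example: emulate "delete every port of a given type" by
# generating one `semanage port -d` command per listed port or range.

# Constructed sample of `semanage port -l` output (not from a real system).
sample_listing() {
    cat <<'EOF'
SELinux Port Type              Proto    Port Number

crossfire_port_t               tcp      13327
crossfire_port_t               udp      13328, 13330-13332
http_port_t                    tcp      8081
EOF
}

# gen_port_deletes TYPE [PROTO]   (hypothetical helper name)
# Reads a port listing on stdin; prints delete commands for every port
# labelled TYPE, optionally restricted to PROTO (tcp or udp).
gen_port_deletes() {
    awk -v type="$1" -v proto="${2:-}" '
        $1 == type && (proto == "" || $2 == proto) {
            # Fields 3..NF are the ports: "13327", "13328," or "13330-13332"
            for (i = 3; i <= NF; i++) {
                port = $i
                gsub(/,/, "", port)
                # Emit only well-formed ports or ranges; skip anything else
                if (port ~ /^[0-9]+(-[0-9]+)?$/)
                    printf "semanage port -d -p %s %s\n", $2, port
            }
        }'
}

# Dry run against the constructed listing: prints commands, changes nothing.
sample_listing | gen_port_deletes crossfire_port_t

# Real use in a %postun scriptlet (assumption: semanage supports -C):
#   semanage port -l -C | gen_port_deletes crossfire_port_t tcp | sh -x
```

This removes every local port of the type, including any an administrator added by hand outside of rpm, so review the dry-run output before piping it to a shell.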



