
Re: package review?



Michael Thomas wrote:
Paul Howarth wrote:
However, the big problem with using semanage in scriptlets is that
future versions of packages have to remember and be able to cope with
anything that had ever been added using semanage in any previous version
of the package. If file contexts or port numbers change over time, this
could be a major hassle. Being able to do it in a policy module would be
*much* better because the version numbering inherent in the modules
would take care of updating and removing old rules.

There would also be the problem of what to do when someone manually
added another port of type crossfire_port_t outside of rpm.


This could be mollified if semanage could remove all port settings based
on the type[+protocol]:

Yes, sounds like a nice enhancement for this situation. One problem is that
we cannot remove ports that are defined in the base policy.
semanage port -d -p tcp 540
/usr/sbin/semanage: Port tcp/540 is defined in policy, cannot be deleted

But having a command that said
semanage port -d -p tcp -t crossfire_port_t
Would be nice.  Patches accepted.  :^)


Add the ports:
semanage port -a -t crossfire_port_t -p tcp 13327
semanage port -a -t crossfire_port_t -p udp 13328

To remove tcp ports:
semanage port -d -t crossfire_port_t -p tcp

To remove all port settings:
semanage port -d -t crossfire_port_t

--Mike
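
The type-wide delete wished for in this thread can be approximated by expanding a port listing into one `semanage port -d` command per port. This is an added example, not code from the thread or from policycoreutils: the function names and the sample listing are constructed, and it assumes the three-column layout printed by `semanage port -l`.

```shell
#!/bin/sh
# Added example: build the per-port delete commands that a type-wide
# "semanage port -d -t TYPE" would stand for.

# gen_delete_cmds TYPE [PROTO]   (hypothetical helper name)
# Reads `semanage port -l` style text on stdin and prints one
# `semanage port -d` command per port (or port range) labelled TYPE.
# Nothing is executed; review the output before running it as root.
gen_delete_cmds() {
    awk -v type="$1" -v proto="${2:-}" '
        $1 == type && (proto == "" || $2 == proto) {
            # Field 3 onward is a comma-separated list: "13327, 13400-13410"
            for (i = 3; i <= NF; i++) {
                port = $i
                gsub(/,/, "", port)
                # Accept only N or N-M so stray text never reaches a command line
                if (port ~ /^[0-9]+(-[0-9]+)?$/)
                    printf "semanage port -d -t %s -p %s %s\n", type, $2, port
            }
        }'
}

# Constructed sample in the layout printed by `semanage port -l`.
sample_listing() {
    cat <<'EOF'
SELinux Port Type              Proto    Port Number

crossfire_port_t               tcp      13327, 13400-13410
crossfire_port_t               udp      13328
http_port_t                    tcp      80, 443, 8080
EOF
}

# Dry run: tcp only, then every protocol for the type.
sample_listing | gen_delete_cmds crossfire_port_t tcp
sample_listing | gen_delete_cmds crossfire_port_t
```

On a real system, feed the function from `semanage port -l -C` where that option is available, so that only local customizations are listed. Ports defined in the base policy would be rejected by `semanage port -d`, as noted in the thread.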