Michael Thomas wrote:
Paul Howarth wrote:
> However, the big problem with using semanage in scriptlets is that
> future versions of packages have to remember and be able to cope with
> anything that had ever been added using semanage in any previous version
> of the package. If file contexts or port numbers change over time, this
> could be a major hassle. Being able to do it in a policy module would be
> *much* better because the version numbering inherent in the modules
> would take care of updating and removing old rules.
>
> There would also be the problem of what to do when someone manually
> added another port of type crossfire_port_t outside of rpm.
>
This could be mollified if semanage could remove all port settings based
on the type[+protocol]:

Yes, sounds like a nice enhancement for this situation. One problem is
that we cannot remove ports that are defined in the base policy.

    semanage port -d -p tcp 540
    /usr/sbin/semanage: Port tcp/540 is defined in policy, cannot be deleted

But having a command that said

    semanage port -d -p tcp -t crossfire_port_t

would be nice. Patches accepted. :^)

Add the ports:

    semanage port -a -t crossfire_port_t -p tcp 13327
    semanage port -a -t crossfire_port_t -p udp 13328

To remove tcp ports:

    semanage port -d -t crossfire_port_t -p tcp

To remove all port settings:

    semanage port -d -t crossfire_port_t
--Mike
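
Added example, not part of the original thread and not semanage's own code: one way a scriptlet could emulate the proposed delete-by-type[+protocol] is to turn a port listing into one explicit delete command per port, so manually added ports of the same type are caught too. The helper names gen_port_deletes and sample_listing are hypothetical, the listing is constructed sample data, and the column layout is assumed to match what `semanage port -l` prints.

```shell
#!/bin/sh
# gen_port_deletes TYPE [PROTO]   (hypothetical helper, added example)
#   stdin : listing in the column layout of `semanage port -l` (assumption)
#   stdout: one `semanage port -d` command per port or range, so the result
#           can be reviewed before it is piped to sh
# Ports defined in the base policy cannot be deleted (see the tcp/540 error
# in the thread), so the listing fed in should hold local additions only.
gen_port_deletes() {
    awk -v type="$1" -v proto="${2:-}" '
        $1 != type { next }                    # other types, header, blanks
        proto != "" && $2 != proto { next }    # optional protocol filter
        {
            for (i = 3; i <= NF; i++) {
                port = $i
                sub(/,$/, "", port)            # strip the list separator
                # accept only a single port or a low-high range
                if (port ~ /^[0-9]+(-[0-9]+)?$/)
                    printf "semanage port -d -t %s -p %s %s\n", type, $2, port
            }
        }'
}

# Constructed sample listing, including a manually added udp range.
sample_listing() {
    cat <<'EOF'
SELinux Port Type              Proto    Port Number

crossfire_port_t               tcp      13327
crossfire_port_t               udp      13328, 13400-13410
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
EOF
}

# Type + protocol, then type only (all protocols).
sample_listing | gen_port_deletes crossfire_port_t tcp
sample_listing | gen_port_deletes crossfire_port_t
```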