On 04/19/2016 05:52 AM, William wrote:
On Mon, 2016-04-18 at 14:38 +1000, William wrote:
>>
>> For the general info you can use help():
>>
>> # python3
>> >>> import selinux
>> >>> help(selinux)
>> >>> import semanage
>> >>> help(semanage)
>>
>> e.g.
>> >>> selinux.is_selinux_enabled()
>> 1
>> >>> selinux.selinux_getpolicytype()
>> [0, 'targeted']
>>
> Perfect! This is exactly what I needed. Thanks for your advice,
>
>
I keep getting errors trying to use this. And all the help pages have
documentation like:
semanage_port_exists(...)
Which is not very helpful.

The python bindings don't have complete documentation indeed.
Sometimes a library man page could help a bit.
$ man 3 semanage_port_exists
So from reading /usr/lib64/python3.4/site-packages/semanage.py I am at:
>>> import semanage
>>> import selinux
>>> h = semanage.semanage_handle_create()
>>> semanage.semanage_connect(h)
>>> (r, k) = semanage.semanage_port_key_create(h, 389, 389, semanage.SEMANAGE_PROTO_TCP)
>>> semanage.semanage_port_exists_local(h, k)
[4, 0]
4 is commit_num - /var/lib/selinux/targeted/active/commit_num. It's used
by libsemanage for managing updates to the store. It's probably not
relevant for your use case.
0 means the port doesn't exist in local modifications.
Local port modifications are stored in
/var/lib/selinux/targeted/active/ports.local and can be shown using the
following command:
# semanage port -l -C
e.g. for port 22 on my box:
>>> (r, k) = semanage.semanage_port_key_create(h, 22, 22, semanage.SEMANAGE_PROTO_TCP)
>>> semanage.semanage_port_exists(h, k)
[5, 1]
>>> semanage.semanage_port_exists_local(h, k)
[5, 0]
The port 22 is defined in the system policy, but there's no local
modification.
>>> semanage.semanage_port_query(h, k)
[4, <Swig Object of type 'struct semanage_port *' at 0x7f1b04ce3b10>]
4 - commit_num
<Swig Object of type 'struct semanage_port *' at 0x7f1b04ce3b10> is a swig
object representing the returned port object.
>>> (r, k) = semanage.semanage_port_key_create(h, 38579, 38579, semanage.SEMANAGE_PROTO_TCP)
>>> semanage.semanage_port_query(h, k)
[4, None]
There's no such object in database.
What do these results even mean ....? I guess in the first, 0, means it does
exist, whereas the later port_query, None means it doesn't? The second is
giving me the struct of type that owns the port?
Petr
--
Petr Lautrbach
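
Added example, not part of the original thread and not libsemanage's own code: a small wrapper around the calls discussed above that turns the `[status, value]` pairs into a plain answer and releases the key, record and handle. The names `port_status` and `sm` are invented for this example, and it assumes the usual libsemanage convention that a negative status signals an error.

```python
import importlib

def port_status(port, proto="tcp", sm=None):
    """Report whether a port is labelled in policy and/or in local modifications.

    sm: the semanage binding module. Hypothetical parameter of this example so
    the logic can be run against a stand-in where libsemanage is not installed.
    """
    sm = sm or importlib.import_module("semanage")
    proto_id = sm.SEMANAGE_PROTO_UDP if proto == "udp" else sm.SEMANAGE_PROTO_TCP
    h = sm.semanage_handle_create()
    if h is None:
        raise RuntimeError("semanage_handle_create failed")
    key, connected = None, False
    try:
        if sm.semanage_connect(h) < 0:
            raise RuntimeError("semanage_connect failed (insufficient privileges?)")
        connected = True
        rc, key = sm.semanage_port_key_create(h, port, port, proto_id)
        if rc < 0:
            raise RuntimeError("semanage_port_key_create failed")

        def call(fn):
            # The bindings return [status, value]. A negative status is an
            # error; a non-negative one (4 and 5 in the thread) is not the answer.
            status, value = fn(h, key)
            if status < 0:
                raise RuntimeError(fn.__name__ + " failed")
            return value

        in_policy = bool(call(sm.semanage_port_exists))
        in_local = bool(call(sm.semanage_port_exists_local))
        setype = None
        if in_policy:
            rec = call(sm.semanage_port_query)  # None when no record exists
            if rec is not None:
                con = sm.semanage_port_get_con(rec)
                setype = sm.semanage_context_get_type(con)
                sm.semanage_port_free(rec)
        return {"policy": in_policy, "local": in_local, "type": setype}
    finally:
        if key is not None:
            sm.semanage_port_key_free(key)
        if connected:
            sm.semanage_disconnect(h)
        sm.semanage_handle_destroy(h)
```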