Removing semanage-added rules (Was: only allow 1 port for listening)
Forrest Taylor
ftaylor at redhat.com
Wed Aug 8 18:31:55 UTC 2007
On Wed, 2007-08-08 at 13:07 -0500, Jason L Tibbitts III wrote:
> >>>>> "FT" == Forrest Taylor <ftaylor at redhat.com> writes:
>
> FT> Where you add a -a to add, replace that with a -d to delete, or a
> FT> -m to modify.
>
> Yeah, that was overly easy. I guess I was confused by how I'm
> supposed to know what "NAME" is, especially for fcontext rules where
> you give a pattern. (NAME seems to be the pattern itself.)
>
> Is there a simple way to know if an fcontext pattern matches anything
> so I can tell if I'm going to screw my system before deleting one?
Do a -l to list it, and use grep to match your rule ;o) semanage won't
let you remove a rule that is not there. Nor will it let you add a rule
that already exists (you must modify it [-m]).
Forrest
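
The list-and-grep check described above, as an added example that is not part of the original message. The helper names (`sample_listing`, `rule_exists`, `paths_matching`) are hypothetical, the listing is constructed, and `grep -E` only approximates the regex dialect SELinux uses for file-context specs.

```shell
#!/bin/sh
# Added example: helper names and the listing below are constructed for illustration.

# Constructed stand-in for the output of `semanage fcontext -l`.
sample_listing() {
cat <<'EOF'
SELinux fcontext          type          Context
/web(/.*)?                all files     system_u:object_r:httpd_sys_content_t:s0
/website(/.*)?            all files     system_u:object_r:httpd_sys_content_t:s0
/var/www/html/.*\.cgi     regular file  system_u:object_r:httpd_sys_script_exec_t:s0
EOF
}

# rule_exists SPEC: read a listing on stdin; succeed only if column 1 is exactly SPEC.
# The spec is itself a regex, so a plain `grep SPEC` would interpret it rather than
# compare it. Passing it through ENVIRON (not awk -v) keeps backslashes like `\.` intact.
rule_exists() {
    SPEC="$1" awk '$1 == ENVIRON["SPEC"] { found = 1 } END { exit !found }'
}

# paths_matching SPEC ROOT: print existing paths under ROOT that SPEC covers.
# File-context specs must match the whole path, hence grep -x.
# Assumption: ERE stands in for the real regex engine; the file-type column is ignored.
paths_matching() {
    find "$2" 2>/dev/null | grep -E -x -- "$1"
}

# Real use (as root):
#   semanage fcontext -l | rule_exists '/web(/.*)?' && paths_matching '/web(/.*)?' /
sample_listing | rule_exists '/web(/.*)?' && echo "rule present in listing"
```

An empty result from `paths_matching` means no existing file would be affected by deleting the rule.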