matchportcon?
Dominick Grift
dominick.grift at gmail.com
Tue Jul 16 15:51:48 UTC 2013
On Tue, 2013-07-16 at 11:31 -0400, Daniel J Walsh wrote:
> On 07/16/2013 11:26 AM, Dominick Grift wrote:
> > On Tue, 2013-07-16 at 11:12 -0400, Daniel J Walsh wrote:
> >
> >> Do you have a preference of what you would like to see?
> >>
> >> We could add
> >>
> >> sepolicy network -p 80 -P tcp
> >>
> >> And return only the tcp ports, but this would still get you
> >>
> >> 80: tcp http_port_t 80 80: tcp reserved_port_t 1-511
> >
> > Maybe also add a "-d | --direct" option that will instead only show the
> > current applicable type ( in this case http_port_t )
> >
> Well maybe the code is actually broken. Since the kernel would not see port
> 80 as being reserved_port_t. It is only http_port_t, I believe.
sure, although i like the functionality when you can (optionally) see
where it falls back to if you were to remove the port context spec.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: This is a digitally signed message part
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20130716/cd6d3110/attachment.sig>
More information about the selinux
mailing list