Paul Howarth wrote:
> However, the big problem with using semanage in scriptlets is that
> future versions of packages have to remember and be able to cope with
> anything that had ever been added using semanage in any previous version
> of the package. If file contexts or port numbers change over time, this
> could be a major hassle. Being able to do it in a policy module would be
> *much* better because the version numbering inherent in the modules
> would take care of updating and removing old rules.
>
> There would also be the problem of what to do when someone manually
> added another port of type crossfire_port_t outside of rpm.

This could be mollified if semanage could remove all port settings based
on the type[+protocol]:

Add the ports:
  semanage port -a -t crossfire_port_t -p tcp 13327
  semanage port -a -t crossfire_port_t -p udp 13328

To remove tcp ports:
  semanage port -d -t crossfire_port_t -p tcp

To remove all port settings:
  semanage port -d -t crossfire_port_t

--Mike
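
Added example, not part of the original message and not code from semanage or the crossfire package: a scriptlet-side way to get the removal proposed above using only the per-port delete, by turning `semanage port -l` output into one `semanage port -d` command per matching port. The function name `gen_port_deletes` and the sample listing (including its extra ports) are constructed for illustration, and the listing layout (type, protocol, comma-separated ports) is an assumption about what `semanage port -l` prints.

```shell
#!/bin/sh
# gen_port_deletes TYPE [PROTO]   (hypothetical helper, added example)
# Reads `semanage port -l` style output on stdin and prints one
# `semanage port -d` command for every port or port range labelled TYPE,
# optionally restricted to PROTO. It only prints commands; nothing is
# changed until the output is executed.
gen_port_deletes() {
    want_type=$1
    want_proto=${2:-}
    awk -v t="$want_type" -v p="$want_proto" '
        # Column 1 is the type, column 2 the protocol, the rest the ports.
        $1 == t && (p == "" || $2 == p) {
            proto = $2
            for (i = 3; i <= NF; i++) {
                port = $i
                gsub(/,/, "", port)          # strip list separators
                # Accept a single port or a low-high range only.
                if (port ~ /^[0-9]+(-[0-9]+)?$/)
                    printf "semanage port -d -t %s -p %s %s\n", t, proto, port
            }
        }'
}

# Constructed sample input: includes a port range and an unrelated type,
# standing in for entries someone added by hand outside of rpm.
sample_listing() {
    cat <<'EOF'
SELinux Port Type              Proto    Port Number

crossfire_port_t               tcp      13327, 13400-13410
crossfire_port_t               udp      13328
http_port_t                    tcp      8081
EOF
}

# Demo: the commands that would remove every tcp port of the type.
sample_listing | gen_port_deletes crossfire_port_t tcp
```

In a scriptlet the input would come from `semanage port -l -C`, which lists local customizations only, so ports defined by the base policy are not passed to the delete.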