Wart wrote:
I'm trying to make modifications to semanage so that it's easier to
delete all ports for a given context, i.e.:
# semanage port -d -t crossfire_port_t
# semanage port -d -t crossfire_port_t -d tcp
However, I'm a little confused by the workings of the semanage python
modules.
/usr/sbin/semanage makes the following call to delete the ports:
OBJECT = seobject.portRecords()
...
OBJECT.delete(target, proto)
Where 'target' is the port number to delete, and proto is the protocol
(tcp or udp). OBJECT is an array of selinux objects on which to operate.
Presumably, either the OBJECT list contains only the selinux objects
that match the input context (such as crossfire_port_t), or the
delete() method has some magic to filter only the matching contexts.
Since I couldn't find any code to support the latter, I suspect the
former.
Can someone explain how this OBJECT array gets filtered to only
contain matching contexts? It's not obvious how this happens when the
OBJECT array is created with seobject.portRecords().
I don't think there is any magic. Basically there is only one
portnumber/PROTOCOL allowed. So this is the key. Type is not part of
the key.
Thanks,
--Mike
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
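Added example, not part of the original thread and not semanage's own code: because the reply says records are keyed by port number and protocol, with the type not part of the key, deleting "all ports of a type" means first enumerating the matching (protocol, port) keys. The sketch below does that over a constructed listing in the column layout of `semanage port -l`; the function names and the sample data are assumptions made for illustration.

```python
# Added illustration: port records are keyed by (protocol, port); the type is
# only an attribute, so "delete by type" must first enumerate matching keys.
import shlex

# Constructed sample in the column layout printed by `semanage port -l`.
SAMPLE_LISTING = """\
SELinux Port Type              Proto    Port Number

crossfire_port_t               tcp      13327, 13328
crossfire_port_t               udp      13327
http_port_t                    tcp      80, 443, 8008-8010
"""

def keys_for_type(listing, setype, proto=None):
    """Return [(proto, port_spec)] for every record labelled `setype`."""
    keys = []
    for line in listing.splitlines():
        fields = line.split(None, 2)
        # Only tcp/udp are handled here, matching the protocols in the thread.
        if len(fields) != 3 or fields[1] not in ("tcp", "udp"):
            continue  # header, blank or unrecognised line
        rec_type, rec_proto, ports = fields
        if rec_type != setype or (proto and rec_proto != proto):
            continue
        keys += [(rec_proto, p.strip()) for p in ports.split(",") if p.strip()]
    return keys

def delete_commands(listing, setype, proto=None):
    """Build one `semanage port -d` invocation per (proto, port) key."""
    return [
        "semanage port -d -t %s -p %s %s"
        % (shlex.quote(setype), rec_proto, shlex.quote(port))
        for rec_proto, port in keys_for_type(listing, setype, proto)
    ]

if __name__ == "__main__":
    # Print the commands for review instead of executing them.
    for cmd in delete_commands(SAMPLE_LISTING, "crossfire_port_t"):
        print(cmd)
```

On current policycoreutils, feeding this the output of `semanage port -l -C` restricts it to local customizations, which are the only records `-d` can remove.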