On Sun, 2013-07-14 at 01:26 -0400, Dave Quigley wrote: > Do we have an equivalent of matchpathcon for ports? Where we can specify > a protocol and port and see what the policy thinks it labeled? > from man sepolicy-network: > sepolicy-network(8) sepolicy-network(8) > > NAME > sepolicy-network - Examine the SELinux Policy and generate a network report > > SYNOPSIS > sepolicy network [-h] (-l | -p PORT [PORT ...] | -t TYPE [TYPE ...] | -d DOMAIN [DOMAIN ...]) > > DESCRIPTION > Use sepolicy network to examine SELinux Policy and generate network reports. > > OPTIONS > -d, --domain > Generate a report listing the ports to which the specified domain is allowed to connect and or bind. > > -l, --list > List all Network Port Types defined in SELinux Policy > > -h, --help > Display help message > > -t, --type > Generate a report listing the port numbers associate with the specified SELinux port type. > > -p, --port > Generate a report listing the SELinux port types associate with the specified port number. > > AUTHOR > This man page was written by Daniel Walsh <dwalsh@xxxxxxxxxx> > > SEE ALSO > sepolicy(8), selinux(8), semanage(8) > > 20121005 sepolicy-network(8) > Dave > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux