On 07/14/2013 11:00, Dominick Grift wrote:
On Sun, 2013-07-14 at 01:26 -0400, Dave Quigley wrote:
Do we have an equivalent of matchpathcon for ports? Where we can specify
a protocol and port and see what the policy thinks it labeled?
from man sepolicy-network:

sepolicy-network(8)                                  sepolicy-network(8)

NAME
       sepolicy-network - Examine the SELinux Policy and generate a
       network report

SYNOPSIS
       sepolicy network [-h] (-l | -p PORT [PORT ...] | -t TYPE
       [TYPE ...] | -d DOMAIN [DOMAIN ...])

DESCRIPTION
       Use sepolicy network to examine SELinux Policy and generate
       network reports.

OPTIONS
       -d, --domain
              Generate a report listing the ports to which the
              specified domain is allowed to connect and or bind.

       -l, --list
              List all Network Port Types defined in SELinux Policy

       -h, --help
              Display help message

       -t, --type
              Generate a report listing the port numbers associate
              with the specified SELinux port type.

       -p, --port
              Generate a report listing the SELinux port types
              associate with the specified port number.

AUTHOR
       This man page was written by Daniel Walsh <dwalsh@xxxxxxxxxx>

SEE ALSO
       sepolicy(8), selinux(8), semanage(8)

20121005                                             sepolicy-network(8)
Dave
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
This is exactly what I needed, thanks. I normally try looking through
semanage port -l but the problem is with ranges you can't just search
for what the port for something like 10234 is. This tool is exactly
that. I can just do sepolicy-network -p 10234. The only thing that seems
to be lacking is a way to specify protocol. However I don't think that's
a big deal since we only support 3 protocol types.
Dave
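
Added example, not part of the original thread and not code from sepolicy or semanage: a range-aware lookup over text in the `semanage port -l` layout, with the optional protocol filter the reply mentions. The SAMPLE listing and the type name hypothetical_app_port_t are constructed for illustration; results are sorted narrowest range first for readability only, which is not a statement about policy precedence.

```python
# Constructed sample in the column layout printed by `semanage port -l`.
# It is not real policy output; hypothetical_app_port_t is a made-up type.
SAMPLE = """\
SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 81, 443, 8008, 8009, 8443
hypothetical_app_port_t        tcp      10200-10300
hypothetical_app_port_t        udp      10234
unreserved_port_t              tcp      1024-32767, 61001-65535
unreserved_port_t              udp      1024-32767, 61001-65535
"""


def parse_port_listing(text):
    """Yield (type, proto, low, high) for every port or range in the listing."""
    for line in text.splitlines():
        fields = line.split(None, 2)
        # Data rows are "<type> <proto> <ports>" with ports starting with a
        # digit; this skips the header row and blank lines.
        if len(fields) != 3 or not fields[2][0].isdigit():
            continue
        port_type, proto, ports = fields
        for item in ports.split(","):
            low, _, high = item.strip().partition("-")
            if not low.isdigit() or (high and not high.isdigit()):
                continue  # malformed entry: ignore rather than guess
            yield port_type, proto, int(low), int(high or low)


def lookup(text, port, proto=None):
    """Return [(type, proto, ports)] entries covering port, narrowest first."""
    if not 0 < port <= 65535:
        raise ValueError("port out of range: %r" % port)
    hits = [
        (high - low, t, p, low, high)
        for t, p, low, high in parse_port_listing(text)
        if low <= port <= high and proto in (None, p)
    ]
    hits.sort()  # width first, then type and protocol for a stable order
    return [(t, p, str(low) if low == high else "%d-%d" % (low, high))
            for _, t, p, low, high in hits]


if __name__ == "__main__":
    for row in lookup(SAMPLE, 10234, "tcp"):
        print("%-28s %-5s %s" % row)
```

On a live system the text argument would be the captured output of `semanage port -l` instead of SAMPLE.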