Re: matchportcon?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/14/2013 05:41 PM, David Quigley wrote:
> On 07/14/2013 11:00, Dominick Grift wrote:
>> On Sun, 2013-07-14 at 01:26 -0400, Dave Quigley wrote:
>>> Do we have an equivalent of matchpathcon for ports? Where we can
>>> specify a protocol and port and see what the policy thinks it labeled?
>>> 
>> 
>> from man sepolicy-network:
>> 
>>> sepolicy-network(8)
>>> 
>>> sepolicy-network(8)
>>> 
>>> NAME sepolicy-network - Examine the SELinux Policy and generate a
>>> network report
>>> 
>>> SYNOPSIS sepolicy network [-h] (-l | -p PORT [PORT ...] | -t TYPE [TYPE
>>> ...] | -d DOMAIN [DOMAIN ...])
>>> 
>>> DESCRIPTION Use sepolicy network to examine SELinux Policy and generate
>>> network reports.
>>> 
>>> OPTIONS -d, --domain Generate a report listing the ports to which the
>>> specified domain is allowed to connect and or bind.
>>> 
>>> -l, --list List all Network Port Types defined in SELinux Policy
>>> 
>>> -h, --help Display help message
>>> 
>>> -t, --type Generate a report listing the port numbers associate with
>>> the specified SELinux port type.
>>> 
>>> -p, --port Generate a report listing the SELinux port types associate
>>> with the specified port number.
>>> 
>>> AUTHOR This man page was written by Daniel Walsh <dwalsh@xxxxxxxxxx>
>>> 
>>> SEE ALSO sepolicy(8), selinux(8), semanage(8)
>>> 
>>> 
>>> 20121005 sepolicy-network(8)
>> 
>>> Dave -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
> This is exactly what I needed thanks. I normally try looking through
> semanage port -l but the problem is with ranges you can't just search for
> what the port for something like 10234 is. This tool is exactly that. I can
> just do sepolicy-network -p 10234. The only thing that seems to be lacking
> is a way to specify protocol. However I don't think that's a big deal since
> we only support 3 protocol types.
> 
> Dave
> 
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux

sepolicy-network -p 10234 | grep udp

:^)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlHkGjYACgkQrlYvE4MpobO7MgCgzICENJyFO6yLQ4DbyrtEvC8D
Lr4An36HZEzQKwuvwNqg/XUtOKVNFt+/
=MrcY
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux