On 07/14/2013 05:41 PM, David Quigley wrote:
> On 07/14/2013 11:00, Dominick Grift wrote:
>> On Sun, 2013-07-14 at 01:26 -0400, Dave Quigley wrote:
>>> Do we have an equivalent of matchpathcon for ports? Where we can
>>> specify a protocol and port and see what the policy thinks it labeled?
>>>
>>
>> from man sepolicy-network:
>>
>>> sepolicy-network(8)
>>>
>>> sepolicy-network(8)
>>>
>>> NAME sepolicy-network - Examine the SELinux Policy and generate a
>>> network report
>>>
>>> SYNOPSIS sepolicy network [-h] (-l | -p PORT [PORT ...] | -t TYPE [TYPE
>>> ...] | -d DOMAIN [DOMAIN ...])
>>>
>>> DESCRIPTION Use sepolicy network to examine SELinux Policy and generate
>>> network reports.
>>>
>>> OPTIONS -d, --domain Generate a report listing the ports to which the
>>> specified domain is allowed to connect and or bind.
>>>
>>> -l, --list List all Network Port Types defined in SELinux Policy
>>>
>>> -h, --help Display help message
>>>
>>> -t, --type Generate a report listing the port numbers associate with
>>> the specified SELinux port type.
>>>
>>> -p, --port Generate a report listing the SELinux port types associate
>>> with the specified port number.
>>>
>>> AUTHOR This man page was written by Daniel Walsh <dwalsh@xxxxxxxxxx>
>>>
>>> SEE ALSO sepolicy(8), selinux(8), semanage(8)
>>>
>>>
>>> 20121005 sepolicy-network(8)
>>
>>> Dave
>>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
> This is exactly what I needed, thanks. I normally try looking through
> semanage port -l but the problem is with ranges you can't just search for
> what the port for something like 10234 is. This tool is exactly that. I can
> just do sepolicy-network -p 10234. The only thing that seems to be lacking
> is a way to specify protocol. However I don't think that's a big deal since
> we only support 3 protocol types.
>
> Dave

sepolicy-network -p 10234 | grep udp

:^)
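
An added example, not part of the original thread: the port-plus-protocol lookup discussed above, done by parsing the table layout that `semanage port -l` prints and expanding its comma-separated ports and ranges. The sample table, the type `example_app_port_t` and the function names are constructed for illustration.

```python
import re

# Constructed sample in the column layout printed by `semanage port -l`.
SAMPLE = """\
SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 81, 443, 8008
dns_port_t                     tcp      53
dns_port_t                     udp      53
example_app_port_t             udp      10200-10300
unreserved_port_t              tcp      1024-32767, 61001-65535
unreserved_port_t              udp      1024-32767, 61001-65535
"""

# type, protocol, then a port list that must start with a digit
# (this also rejects the header row and blank lines).
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d[\d\s,-]*)$")


def parse_port_table(text):
    """Return (port_type, proto, low, high) for every port or range listed."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        port_type, proto, ports = m.groups()
        for item in ports.split(","):
            item = item.strip()
            if not item:
                continue
            low, _, high = item.partition("-")
            entries.append((port_type, proto, int(low), int(high or low)))
    return entries


def lookup(entries, port, proto=None):
    """Entries covering `port`, optionally for one protocol, narrowest range first."""
    hits = [e for e in entries
            if e[2] <= port <= e[3] and proto in (None, e[1])]
    return sorted(hits, key=lambda e: (e[3] - e[2], e[1], e[0]))


if __name__ == "__main__":
    for port_type, proto, low, high in lookup(parse_port_table(SAMPLE), 10234, "udp"):
        print(f"10234: {proto} {port_type} {low}-{high}")
```

On a real system the table would come from the output of `semanage port -l` instead of `SAMPLE`.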