On Tue, 2013-07-16 at 11:31 -0400, Daniel J Walsh wrote: > On 07/16/2013 11:26 AM, Dominick Grift wrote: > > On Tue, 2013-07-16 at 11:12 -0400, Daniel J Walsh wrote: > > > >> Do you have a preference of what you would like to see? > >> > >> We could add > >> > >> sepolicy network -p 80 -P tcp > >> > >> And return only the tcp ports, but this would still get you > >> > >> 80: tcp http_port_t 80 80: tcp reserved_port_t 1-511 > > > > Maybe also add a "-d | --direct" option that will instead only show the > > current applicable type ( in this case http_port_t ) > > > Well maybe the code is actually broken. Since the kernel would not see port > 80 as being reserved_port_t. It is only http_port_t, I believe. sure, although i like the functionality when you can (optionally) see where it falls back to if you were to remove the port context spec.
Attachment:
signature.asc
Description: This is a digitally signed message part
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
