Core policy upgrades and assigned ports

Hello,

for our project policy, we define several new port types which were not
yet introduced in RHEL6 (docker_port_t) and Fedora (elasticsearch_port_t).
We have a port type declaration in our policy and port assignment in
our package deployment script/scriptlet.

I wonder what happens when you introduce a port mentioned above in the
core policy. My experience so far is that policy load will fail because
port types cannot be redefined, and the same goes for assignments.

I was thinking if there is a generic workaround for this. I was thinking
if there is a port type naming convention that you guys would expect in
our upgrade scripts being able to undefine the port number prior to
upgrade. Something like:

custom_2375_port_t

in case of docker. Such ports with some expected prefix could be easily
determined and all removed prior to the upgrade. After that, we'd need to
upgrade our policy to create appropriate rules of course, but this is
much cleaner than having a conflict.

Is there such a naming convention? If not, is this the way this could be
solved upstream and downstream?

Thanks

-- 
Later,
 Lukas #lzap Zapletal
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
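
Added example, not part of the original message: a sketch of the pre-upgrade cleanup the message proposes, turning a port listing into `semanage port -d` commands for types that follow the suggested prefix. The `custom_` prefix, the function names and the sample listing (constructed, in the column layout of `semanage port -l`) are assumptions.

```shell
#!/bin/sh
# Emit the "semanage port -d" commands a pre-upgrade scriptlet would run
# for port types that follow the proposed custom_<name>_port_t convention.

# Constructed sample in the layout printed by `semanage port -l`.
sample_listing() {
cat <<'EOF'
SELinux Port Type              Proto    Port Number

custom_2375_port_t             tcp      2375
custom_9200_port_t             tcp      9200, 9300-9400
http_port_t                    tcp      80, 81, 443
ssh_port_t                     tcp      22
EOF
}

# Reads a port listing on stdin and prints one delete command per port
# (or port range) assigned to a type with the given prefix.
# $1: type prefix (hypothetical convention, defaults to "custom_").
custom_port_delete_cmds() {
    awk -v prefix="${1:-custom_}" '
        # Only rows whose type starts with the prefix and ends in _port_t;
        # this also skips the header row and blank lines.
        NF >= 3 && index($1, prefix) == 1 && $1 ~ /_port_t$/ {
            type = $1; proto = $2
            for (i = 3; i <= NF; i++) {
                port = $i
                sub(/,$/, "", port)          # ports are comma separated
                # Accept single ports and ranges only, nothing else.
                if (port ~ /^[0-9]+(-[0-9]+)?$/)
                    printf "semanage port -d -t %s -p %s %s\n", type, proto, port
            }
        }'
}

# Demo: print the commands for review instead of executing them.
# In a scriptlet the input would come from: semanage port -l
sample_listing | custom_port_delete_cmds
```

This only covers the port assignments made by the deployment script; the type declaration itself lives in the policy module and is not touched here.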




