On 04/19/2016 05:52 AM, William wrote:
> On Mon, 2016-04-18 at 14:38 +1000, William wrote:
>>>
>>> For the general info you can use help():
>>>
>>> # python3
>>> >>> import selinux
>>> >>> help(selinux)
>>> >>> import semanage
>>> >>> help(semanage)
>>>
>>> e.g.
>>> >>> selinux.is_selinux_enabled()
>>> 1
>>> >>> selinux.selinux_getpolicytype()
>>> [0, 'targeted']
>>>
>> Perfect! This is exactly what I needed. Thanks for your advice,
>>
>
> I keep getting errors trying to use this. And all the help pages have
> documentation like:
>
> semanage_port_exists(...)
>
> Which is not very helpful.

The python bindings don't have complete documentation indeed. Sometimes a
library man page could help a bit.

    $ man 3 semanage_port_exists

> So from reading /usr/lib64/python3.4/site-packages/semanage.py I am at:
>
> >>> import semanage
> >>> import selinux
> >>> h = semanage.semanage_handle_create()
> >>> semanage.semanage_connect(h)
> >>> (r, k) = semanage.semanage_port_key_create(h, 389, 389,
> semanage.SEMANAGE_PROTO_TCP)
>
> >>> semanage.semanage_port_exists_local(h, k)
> [4, 0]

4 is commit_num - /var/lib/selinux/targeted/active/commit_num. It's used by
libsemanage for managing updates to the store. It's probably not relevant for
your use case.

0 means the port doesn't exist in local modifications. Local port
modifications are stored in /var/lib/selinux/targeted/active/ports.local and
can be shown using the following command:

    # semanage port -l -C

e.g. for port 22 on my box:

    >>> (r, k) = semanage.semanage_port_key_create(h, 22, 22, semanage.SEMANAGE_PROTO_TCP)
    >>> semanage.semanage_port_exists(h, k)
    [5, 1]
    >>> semanage.semanage_port_exists_local(h, k)
    [5, 0]

The port 22 is defined in the system policy, but there's no local
modification.

> >>> semanage.semanage_port_query(h, k)
> [4, <Swig Object of type 'struct semanage_port *' at 0x7f1b04ce3b10>]

4 - commit_num
<Swig Object of type 'struct semanage_port *' at 0x7f1b04ce3b10> is swig
object representing the returned port object.

> >>> (r, k) = semanage.semanage_port_key_create(h, 38579, 38579,
> semanage.SEMANAGE_PROTO_TCP)
> >>> semanage.semanage_port_query(h, k)
> [4, None]

There's no such object in database.

> What do these results even mean ....? I guess in the first, 0, means it does
> exist, whereas the later port_query, None means it doesn't? The second is giving
> me the struct of type that owns the port?
>

Petr
--
Petr Lautrbach
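The calls from this thread wrapped into one function, as an added example that is not part of the original messages: it reads the two-element result lists the way the reply explains them, additionally treats a negative first element as a libsemanage error, and resolves the SELinux type of the port record. The names `port_status`, `_ok` and the `sm` parameter are hypothetical; `semanage_port_get_con`, `semanage_context_get_type` and the free/disconnect calls are libsemanage functions that do not appear in the thread.

```python
import sys

def _ok(result, what):
    """Split a [status, value] list; a negative status is a libsemanage error."""
    status, value = result
    if status < 0:
        raise RuntimeError(f"{what} failed (status {status})")
    return value

def port_status(port, proto="tcp", sm=None):
    """Report whether a port is defined, locally modified, and its SELinux type."""
    if sm is None:
        import semanage as sm  # the SWIG bindings used in the thread
    protos = {"tcp": sm.SEMANAGE_PROTO_TCP, "udp": sm.SEMANAGE_PROTO_UDP}
    h = sm.semanage_handle_create()
    if not h:
        raise RuntimeError("semanage_handle_create failed")
    try:
        if sm.semanage_connect(h) < 0:
            raise RuntimeError("semanage_connect failed")
        key = _ok(sm.semanage_port_key_create(h, port, port, protos[proto]), "key_create")
        try:
            status = {
                "port": port,
                "proto": proto,
                # second list element: 1 = record present, 0 = absent
                "defined": bool(_ok(sm.semanage_port_exists(h, key), "exists")),
                "local": bool(_ok(sm.semanage_port_exists_local(h, key), "exists_local")),
                "type": None,
            }
            # Query only records that exist; the thread shows None for a missing one.
            rec = _ok(sm.semanage_port_query(h, key), "query") if status["defined"] else None
            if rec is not None:
                con = sm.semanage_port_get_con(rec)  # context is owned by the record
                status["type"] = sm.semanage_context_get_type(con)
                sm.semanage_port_free(rec)
            return status
        finally:
            sm.semanage_port_key_free(key)
    finally:
        if sm.semanage_is_connected(h):
            sm.semanage_disconnect(h)
        sm.semanage_handle_destroy(h)

if __name__ == "__main__":
    print(port_status(int(sys.argv[1]) if len(sys.argv) > 1 else 22))
```

The key is built for the single-port range `port`-`port`, so it matches only a record with exactly that range; a port covered solely by a wider range record reports as not defined.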