On 07/15/2013 09:03, Stephen Smalley wrote:
> On 07/14/2013 01:26 AM, Dave Quigley wrote:
>> Do we have an equivalent of matchpathcon for ports? Where we can specify
>> a protocol and port and see what the policy thinks it labeled?
>
> Closest approximation I can think of would be to use
>     checkpolicy -Mdb /path/to/policy
> and then choose 9, input the protocol and port number, choose 1, and
> input the SID that was displayed.
>
> It would be very nice to have a more user-friendly (and scriptable)
> interface to the checkpolicy -d (debug) functionality.

So over on fedora-selinux Dominic Grift suggested I use sepolicy
network to check it out. The only issue with its usage is that it
doesn't tell you what it actually is. Instead it gives you all rules
that will match and you have to realize the most specific one wins. It
is, however, sufficient for my talk so I'll probably use it.

Dave
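
Added example, not part of the original thread: a small scriptable lookup that applies the rule as stated in the message above (of all port rules matching a protocol and port, the narrowest range wins). It assumes the rules are available as `portcon` policy statements; the sample statements are constructed, and the function names are hypothetical.

```python
import re
from collections import namedtuple

# Constructed sample portcon statements, not taken from a real policy.
SAMPLE_PORTCON = """\
portcon tcp 8080 system_u:object_r:http_cache_port_t:s0
portcon tcp 1024-32767 system_u:object_r:unreserved_port_t:s0
portcon tcp 1-511 system_u:object_r:reserved_port_t:s0
portcon tcp 80 system_u:object_r:http_port_t:s0
portcon udp 53 system_u:object_r:dns_port_t:s0
"""

PortRule = namedtuple("PortRule", "proto low high context")
PORTCON_RE = re.compile(r"^portcon\s+(\w+)\s+(\d+)(?:\s*-\s*(\d+))?\s+(\S+)$")


def parse_portcon(text):
    """Parse portcon statements into PortRule tuples, rejecting bad lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = PORTCON_RE.match(line)
        if not m:
            raise ValueError("not a portcon statement: %r" % raw)
        proto, low, high, context = m.groups()
        low = int(low)
        high = int(high) if high else low  # single port: low == high
        if not 0 <= low <= high <= 65535:
            raise ValueError("bad port range: %r" % raw)
        rules.append(PortRule(proto, low, high, context))
    return rules


def matching_rules(rules, proto, port):
    """All rules covering proto/port, narrowest range first."""
    hits = [r for r in rules if r.proto == proto and r.low <= port <= r.high]
    return sorted(hits, key=lambda r: r.high - r.low)


def port_label(rules, proto, port):
    """Context of the most specific matching rule, or None if none match."""
    hits = matching_rules(rules, proto, port)
    return hits[0].context if hits else None


if __name__ == "__main__":
    print(port_label(parse_portcon(SAMPLE_PORTCON), "tcp", 8080))
```
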