I had a problem where I wanted to allow a cupsd_t to be able to open a particular port at the firewall, say the ipp_port_t port.

    sepolicy network -t ipp_port_t

    ipp_port_t: tcp: 631,8610-8614
    ipp_port_t: udp: 631,8610-8614

The problem: cups is sending across an open tcp/631 and I need firewalld to check something like

    allow cupsd_t ipp_port_t:tcp_netfilter open;

The only way for firewalld to figure out what type port tcp/361 is assigned to was to load the sepolicy framework and read in the currently loaded policy.

I think we should add an interface to the /sys/fs/selinux that would take a port number and a protocol and return a process_type.

_______________________________________________
Selinux mailing list
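
Added example, not part of the original message and not firewalld or SELinux project code: a userspace sketch of the port-and-protocol to port-type lookup the message asks for, built by parsing output in the `sepolicy network -t` format quoted above. The function names and the narrowest-range tie-break are assumptions; it reads text, not the loaded policy.

```python
import re

# Constructed sample: the `sepolicy network -t ipp_port_t` output quoted in the message.
SAMPLE_OUTPUT = """\
ipp_port_t: tcp: 631,8610-8614
ipp_port_t: udp: 631,8610-8614
"""

# One line per (type, protocol): "<type>: <proto>: <port or low-high>, ..."
LINE_RE = re.compile(r"^\s*(?P<type>\w+):\s*(?P<proto>\w+):\s*(?P<ports>[\d,\s-]+)$")


def parse_port_types(text):
    """Parse the listing into (proto, low, high, port_type) tuples."""
    table = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank lines and anything not in the expected shape
        for item in m.group("ports").split(","):
            item = item.strip()
            if not item:
                continue
            low_s, _, high_s = item.partition("-")
            low = int(low_s)
            high = int(high_s) if high_s else low
            if not 0 <= low <= high <= 65535:
                raise ValueError(f"bad port range {item!r} in line {line!r}")
            table.append((m.group("proto").lower(), low, high, m.group("type")))
    return table


def port_type(table, proto, port):
    """Return the port type labelling proto/port, or None if nothing matches.

    Assumption: when several ranges cover the port, the narrowest one wins.
    """
    matches = [(high - low, ptype)
               for p, low, high, ptype in table
               if p == proto.lower() and low <= port <= high]
    return min(matches)[1] if matches else None


if __name__ == "__main__":
    table = parse_port_types(SAMPLE_OUTPUT)
    for proto, port in (("tcp", 631), ("udp", 8612), ("tcp", 8615)):
        print(f"{proto}/{port} -> {port_type(table, proto, port)}")
```

A caller that gets a type back would still need a policy query to decide whether the requesting domain is allowed to use it; a result of None only means the port is absent from the parsed listing.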