semanage changes
Daniel J Walsh
dwalsh at redhat.com
Tue Sep 5 13:34:47 UTC 2006
Wart wrote:
> I'm trying to make modifications to semanage so that it's easier to
> delete all ports for a given context, i.e.:
>
> # semanage port -d -t crossfire_port_t
> # semanage port -d -t crossfire_port_t -d tcp
>
> However, I'm a little confused by the workings of the semanage python
> modules.
>
> /usr/sbin/semanage makes the following call to delete the ports:
>
> OBJECT = seobject.portRecords()
> ...
> OBJECT.delete(target, proto)
>
> Where 'target' is the port number to delete, and proto is the protocol
> (tcp or udp). OBJECT is an array of selinux objects on which to operate.
>
> Presumably, either the OBJECT list contains only the selinux objects
> that match the input context (such as crossfire_port_t), or the
> delete() method has some magic to filter only the matching contexts.
> Since I couldn't find any code to support the latter, I suspect the
> former.
>
> Can someone explain how this OBJECT array gets filtered to only
> contain matching contexts? It's not obvious how this happens when the
> OBJECT array is created with seobject.portRecords().
>
I don't think there is any magic. Basically there is only one
portnumber/PROTOCOL allowed. So this is the key. Type is not part of
the key.

> Thanks,
>
> --Mike
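
Added example, not part of the original thread and not semanage or seobject code: a small model of port records keyed by (port, protocol), as the reply describes, showing that deleting "all ports for a type" means scanning the values and issuing one delete per matching key. The listing layout, the function names and the sample rows are assumptions made for illustration.

```python
# Added illustration; this is a stand-alone model, not seobject.
# Constructed sample rows in the layout assumed for `semanage port -l`.
SAMPLE_LISTING = """\
SELinux Port Type              Proto    Port Number

crossfire_port_t               tcp      13327
crossfire_port_t               udp      13327
http_port_t                    tcp      80, 443, 8008-8009
"""


def parse_listing(text):
    """Return {(port_or_range, proto): type}. The type is a value, not part of the key."""
    records = {}
    for line in text.splitlines():
        fields = line.split(None, 2)
        if len(fields) != 3 or fields[1] not in ("tcp", "udp"):
            continue  # header or blank line
        setype, proto, ports = fields
        for port in ports.split(","):
            key = (port.strip(), proto)
            # Model of the rule in the reply: one record per port/protocol.
            if key in records:
                raise ValueError("duplicate port/protocol key: %r" % (key,))
            records[key] = setype
    return records


def keys_for_type(records, setype, proto=None):
    """Select every (port, proto) key whose type matches, optionally for one protocol."""
    return sorted(key for key, value in records.items()
                  if value == setype and (proto is None or key[1] == proto))


def delete_by_type(records, setype, proto=None, delete=None):
    """Call delete(port, proto) once per matching key; return the keys removed."""
    doomed = keys_for_type(records, setype, proto)
    for port, port_proto in doomed:
        if delete is not None:
            delete(port, port_proto)  # hypothetical hook shaped like delete(target, proto)
        del records[(port, port_proto)]
    return doomed


if __name__ == "__main__":
    table = parse_listing(SAMPLE_LISTING)
    print(delete_by_type(table, "crossfire_port_t", proto="tcp"))
```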