From: David Quigley <selinux@davequigley.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: SELinux List <selinux@tycho.nsa.gov>
Subject: Re: matchportcon?
Date: Mon, 15 Jul 2013 09:07:54 -0400
Message-ID: <3fa9165e8c1cfe4a72ba570e3420de6a@countercultured.net>
In-Reply-To: <51E3F30A.8010603@tycho.nsa.gov>

On 07/15/2013 09:03, Stephen Smalley wrote:
> On 07/14/2013 01:26 AM, Dave Quigley wrote:
>> Do we have an equivalent of matchpathcon for ports? Where we can specify
>> a protocol and port and see what the policy thinks it labeled?
>
> Closest approximation I can think of would be to use
> checkpolicy -Mdb /path/to/policy
> and then choose 9, input the protocol and port number, choose 1, and
> input the SID that was displayed.
>
> It would be very nice to have a more user-friendly (and scriptable)
> interface to the checkpolicy -d (debug) functionality.


So over on fedora-selinux dominic grift suggested I use sepolicy 
network to check it out. The only issue with its usage is that it 
doesn't tell you what it actually is. Instead it gives you all rules 
that will match and you have to realize the most specific one wins. It 
is however sufficient for my talk so I'll probably use it.

Dave

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
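
The selection rule described in the message above (several port rules match, and the most specific one wins), as an added example that is not part of the original thread or of any SELinux tool. The rule lines are constructed sample input in an assumed "protocol type port-or-range" layout, and `parse_rules` and `match_port` are hypothetical names.

```python
from typing import NamedTuple, Optional

class PortRule(NamedTuple):
    proto: str
    type_: str
    low: int
    high: int

# Constructed sample rules (assumed layout: protocol, type, port or low-high).
SAMPLE_RULES = """\
tcp ssh_port_t 22
tcp reserved_port_t 1-511
udp reserved_port_t 1-511
tcp unreserved_port_t 1024-65535
tcp http_cache_port_t 8080
tcp http_cache_port_t 10001-10010
"""

def parse_rules(text: str) -> list[PortRule]:
    """Parse 'proto type port[-port]' lines into PortRule records."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        proto, type_, ports = line.split()
        low_s, _, high_s = ports.partition("-")
        low, high = int(low_s), int(high_s or low_s)
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"bad port range in rule: {line!r}")
        rules.append(PortRule(proto.lower(), type_, low, high))
    return rules

def match_port(rules: list[PortRule], proto: str, port: int) -> Optional[PortRule]:
    """Return the narrowest rule covering proto/port, or None if nothing matches."""
    hits = [r for r in rules
            if r.proto == proto.lower() and r.low <= port <= r.high]
    if not hits:
        return None
    best = min(hits, key=lambda r: r.high - r.low)
    width = best.high - best.low
    # Two equally narrow rules with different types cannot be ranked.
    if any(r.high - r.low == width and r.type_ != best.type_ for r in hits):
        raise ValueError(f"ambiguous rules for {proto}/{port}")
    return best

if __name__ == "__main__":
    print(match_port(parse_rules(SAMPLE_RULES), "tcp", 22))
```
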
