| Message ID | 20200430183035.9976-1-toiwoton@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [v2] sepolicy: fix some typos and port definitions | expand |
On Thu, Apr 30, 2020 at 09:30:35PM +0300, Topi Miettinen wrote: > The range of unreserved ports starts from 1024 and ends to > 65535 (inclusive). (Secure) RPC ports can be between 512 and > 1023 (inclusive). > > Signed-off-by: Topi Miettinen <toiwoton@gmail.com> Acked-by: Petr Lautrbach <plautrba@redhat.com> Thanks! It there's no other comment I'll merge this and the other patch on Monday. > --- > python/sepolicy/sepolicy/generate.py | 4 ++-- > python/sepolicy/sepolicy/interface.py | 2 +- > python/sepolicy/sepolicy/network.py | 6 +++--- > 3 files changed, 6 insertions(+), 6 deletions(-) > > diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py > index e8d07e7d..4e1ed4e9 100644 > --- a/python/sepolicy/sepolicy/generate.py > +++ b/python/sepolicy/sepolicy/generate.py > @@ -340,7 +340,7 @@ class policy: > (self.generate_root_user_types, self.generate_root_user_rules), > (self.generate_new_types, self.generate_new_rules)) > if not re.match(r"^[a-zA-Z0-9-_]+$", name): > - raise ValueError(_("Name must be alpha numeric with no spaces. Consider using option \"-n MODULENAME\"")) > + raise ValueError(_("Name must be alphanumeric with no spaces. Consider using option \"-n MODULENAME\"")) > > if type == CGI: > self.name = "httpd_%s_script" % name > @@ -438,7 +438,7 @@ class policy: > > def set_init_script(self, initscript): > if self.type != DAEMON: > - raise ValueError(_("Only Daemon apps can use an init script..")) > + raise ValueError(_("Only Daemon apps can use an init script.")) > > self.initscript = initscript > > diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py > index 187419fa..7d4ebd7e 100644 > --- a/python/sepolicy/sepolicy/interface.py > +++ b/python/sepolicy/sepolicy/interface.py > @@ -198,7 +198,7 @@ def get_xml_file(if_file): > filename = os.path.basename(if_file).split(".")[0] > rc, output = getstatusoutput("/usr/bin/python3 /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % (basedir + filename)) > if rc != 0: > - sys.stderr.write("\n Could not proceed selected interface file.\n") > + sys.stderr.write("\n Could not process selected interface file.\n") > sys.stderr.write("\n%s" % output) > sys.exit(1) > else: > diff --git a/python/sepolicy/sepolicy/network.py b/python/sepolicy/sepolicy/network.py > index ff308fad..d26a7ce6 100755 > --- a/python/sepolicy/sepolicy/network.py > +++ b/python/sepolicy/sepolicy/network.py > @@ -49,15 +49,15 @@ def get_network_connect(src, protocol, perm, check_bools=False): > if "port_t" in tlist: > continue > if i == "port_t": > - d[(src, protocol, perm)].append((i, ["all ports with out defined types"])) > + d[(src, protocol, perm)].append((i, ["all ports without defined types"])) > if i == "port_type": > d[(src, protocol, perm)].append((i, ["all ports"])) > elif i == "unreserved_port_type": > - d[(src, protocol, perm)].append((i, ["all ports > 1024"])) > + d[(src, protocol, perm)].append((i, ["all ports >= 1024"])) > elif i == "reserved_port_type": > d[(src, protocol, perm)].append((i, ["all ports < 1024"])) > elif i == "rpc_port_type": > - d[(src, protocol, perm)].append((i, ["all ports > 500 and < 1024"])) > + d[(src, protocol, perm)].append((i, ["all ports >= 512 and < 1024"])) > else: > try: > d[(src, protocol, perm)].append((i, portrecs[(i, protocol)])) > -- > 2.26.2 >
On Fri, May 01, 2020 at 09:37:34AM +0200, Petr Lautrbach wrote: > On Thu, Apr 30, 2020 at 09:30:35PM +0300, Topi Miettinen wrote: > > The range of unreserved ports starts from 1024 and ends to > > 65535 (inclusive). (Secure) RPC ports can be between 512 and > > 1023 (inclusive). > > > > Signed-off-by: Topi Miettinen <toiwoton@gmail.com> > > Acked-by: Petr Lautrbach <plautrba@redhat.com> > > Thanks! > > It there's no other comment I'll merge this and the other patch on Monday. Both applied. > > > --- > > python/sepolicy/sepolicy/generate.py | 4 ++-- > > python/sepolicy/sepolicy/interface.py | 2 +- > > python/sepolicy/sepolicy/network.py | 6 +++--- > > 3 files changed, 6 insertions(+), 6 deletions(-) > > > > diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py > > index e8d07e7d..4e1ed4e9 100644 > > --- a/python/sepolicy/sepolicy/generate.py > > +++ b/python/sepolicy/sepolicy/generate.py > > @@ -340,7 +340,7 @@ class policy: > > (self.generate_root_user_types, self.generate_root_user_rules), > > (self.generate_new_types, self.generate_new_rules)) > > if not re.match(r"^[a-zA-Z0-9-_]+$", name): > > - raise ValueError(_("Name must be alpha numeric with no spaces. Consider using option \"-n MODULENAME\"")) > > + raise ValueError(_("Name must be alphanumeric with no spaces. Consider using option \"-n MODULENAME\"")) > > > > if type == CGI: > > self.name = "httpd_%s_script" % name > > @@ -438,7 +438,7 @@ class policy: > > > > def set_init_script(self, initscript): > > if self.type != DAEMON: > > - raise ValueError(_("Only Daemon apps can use an init script..")) > > + raise ValueError(_("Only Daemon apps can use an init script.")) > > > > self.initscript = initscript > > > > diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py > > index 187419fa..7d4ebd7e 100644 > > --- a/python/sepolicy/sepolicy/interface.py > > +++ b/python/sepolicy/sepolicy/interface.py > > @@ -198,7 +198,7 @@ def get_xml_file(if_file): > > filename = os.path.basename(if_file).split(".")[0] > > rc, output = getstatusoutput("/usr/bin/python3 /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % (basedir + filename)) > > if rc != 0: > > - sys.stderr.write("\n Could not proceed selected interface file.\n") > > + sys.stderr.write("\n Could not process selected interface file.\n") > > sys.stderr.write("\n%s" % output) > > sys.exit(1) > > else: > > diff --git a/python/sepolicy/sepolicy/network.py b/python/sepolicy/sepolicy/network.py > > index ff308fad..d26a7ce6 100755 > > --- a/python/sepolicy/sepolicy/network.py > > +++ b/python/sepolicy/sepolicy/network.py > > @@ -49,15 +49,15 @@ def get_network_connect(src, protocol, perm, check_bools=False): > > if "port_t" in tlist: > > continue > > if i == "port_t": > > - d[(src, protocol, perm)].append((i, ["all ports with out defined types"])) > > + d[(src, protocol, perm)].append((i, ["all ports without defined types"])) > > if i == "port_type": > > d[(src, protocol, perm)].append((i, ["all ports"])) > > elif i == "unreserved_port_type": > > - d[(src, protocol, perm)].append((i, ["all ports > 1024"])) > > + d[(src, protocol, perm)].append((i, ["all ports >= 1024"])) > > elif i == "reserved_port_type": > > d[(src, protocol, perm)].append((i, ["all ports < 1024"])) > > elif i == "rpc_port_type": > > - d[(src, protocol, perm)].append((i, ["all ports > 500 and < 1024"])) > > + d[(src, protocol, perm)].append((i, ["all ports >= 512 and < 1024"])) > > else: > > try: > > d[(src, protocol, perm)].append((i, portrecs[(i, protocol)])) > > -- > > 2.26.2 > > >
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py index e8d07e7d..4e1ed4e9 100644 --- a/python/sepolicy/sepolicy/generate.py +++ b/python/sepolicy/sepolicy/generate.py @@ -340,7 +340,7 @@ class policy: (self.generate_root_user_types, self.generate_root_user_rules), (self.generate_new_types, self.generate_new_rules)) if not re.match(r"^[a-zA-Z0-9-_]+$", name): - raise ValueError(_("Name must be alpha numeric with no spaces. Consider using option \"-n MODULENAME\"")) + raise ValueError(_("Name must be alphanumeric with no spaces. Consider using option \"-n MODULENAME\"")) if type == CGI: self.name = "httpd_%s_script" % name @@ -438,7 +438,7 @@ class policy: def set_init_script(self, initscript): if self.type != DAEMON: - raise ValueError(_("Only Daemon apps can use an init script..")) + raise ValueError(_("Only Daemon apps can use an init script.")) self.initscript = initscript diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py index 187419fa..7d4ebd7e 100644 --- a/python/sepolicy/sepolicy/interface.py +++ b/python/sepolicy/sepolicy/interface.py @@ -198,7 +198,7 @@ def get_xml_file(if_file): filename = os.path.basename(if_file).split(".")[0] rc, output = getstatusoutput("/usr/bin/python3 /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % (basedir + filename)) if rc != 0: - sys.stderr.write("\n Could not proceed selected interface file.\n") + sys.stderr.write("\n Could not process selected interface file.\n") sys.stderr.write("\n%s" % output) sys.exit(1) else: diff --git a/python/sepolicy/sepolicy/network.py b/python/sepolicy/sepolicy/network.py index ff308fad..d26a7ce6 100755 --- a/python/sepolicy/sepolicy/network.py +++ b/python/sepolicy/sepolicy/network.py @@ -49,15 +49,15 @@ def get_network_connect(src, protocol, perm, check_bools=False): if "port_t" in tlist: continue if i == "port_t": - d[(src, protocol, perm)].append((i, ["all ports with out defined types"])) + d[(src, protocol, perm)].append((i, ["all ports without defined types"])) if i == "port_type": d[(src, protocol, perm)].append((i, ["all ports"])) elif i == "unreserved_port_type": - d[(src, protocol, perm)].append((i, ["all ports > 1024"])) + d[(src, protocol, perm)].append((i, ["all ports >= 1024"])) elif i == "reserved_port_type": d[(src, protocol, perm)].append((i, ["all ports < 1024"])) elif i == "rpc_port_type": - d[(src, protocol, perm)].append((i, ["all ports > 500 and < 1024"])) + d[(src, protocol, perm)].append((i, ["all ports >= 512 and < 1024"])) else: try: d[(src, protocol, perm)].append((i, portrecs[(i, protocol)]))
The range of unreserved ports starts from 1024 and ends to 65535 (inclusive). (Secure) RPC ports can be between 512 and 1023 (inclusive). Signed-off-by: Topi Miettinen <toiwoton@gmail.com> --- python/sepolicy/sepolicy/generate.py | 4 ++-- python/sepolicy/sepolicy/interface.py | 2 +- python/sepolicy/sepolicy/network.py | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-)