semanage: swap tcp and udp protocol numbers

Message ID	1470818350-3637-1-git-send-email-mvadkert@redhat.com (mailing list archive)
State	Not Applicable
Headers	show Return-Path: <selinux-bounces@tycho.nsa.gov> IronPort-PHdr: =?us-ascii?q?9a23=3AeKVP4BD22nLNBHpR3VxlUyQJP3N1i/DPJgcQr6Af?= =?us-ascii?q?oPdwSP78oMbcNUDSrc9gkEXOFd2CrakV0qyO6Ou4AyRAuc/H6yFaNsQUFlcsso?= =?us-ascii?q?Y/p0QYGsmLCEn2frbBThcRO4B8bmJj5GyxKkNPGczzNBX4q3y26iMOSF2kbVIm?= =?us-ascii?q?btr8FoOatcmrzef6o8SVOFQRwmLmKusoZFXu9EOK55FQ2dMjYo8KiTLx6kNSfO?= =?us-ascii?q?pXwW46bXmypD3bovmKwZh47i5LsOgg/cMTGY/zfqA/UKAKRG9+azN92dfv/SXn?= =?us-ascii?q?YUPPoyJEEzZerh0dGAXB7RfnTr/toyD6sax7wyDcMsroHp4uXjH3yqZxTwTsgT?= =?us-ascii?q?lPCTc182zNls042KdFqR6iqgZj65TZbIGcKLx1eaaLLoBSfnZIQssED38JOYi7?= =?us-ascii?q?dYZaSrNZMA=3D=3D?= IronPort-PHdr: =?us-ascii?q?9a23=3ADLGWZhwmVLxVpWLXCy+O+j09IxM/srCxBDY+r6Qd?= =?us-ascii?q?0ewUIJqq85mqBkHD//Il1AaPBtSCraofwLKM++C4ACpbsM7H6ChDOLV3FDY9wf?= =?us-ascii?q?0MmAIhBMPXQWbaF9XNKxIAIcJZSVV+9Gu6O0UGUOz3ZlnVv2HgpWVKQka3CwN5?= =?us-ascii?q?K6zPF5LIiIzvjqbpqsSVO14D3GD1Iesrak7n9UOJ7oheqLAhA5558gHOrHpMdr?= =?us-ascii?q?Ye7kJTDnXXoSzB4Nyt9oVo6SVatqFp3cdBVaLnY/ZwFuQAX3x1e1wysdbmsRjF?= =?us-ascii?q?UBun+moXUmJQlAFBRQfC8kLURJD05w77rO1m3CCEdfP/QbM5Qyijp/NuVhbkiy?= =?us-ascii?q?odKxYj/W3Xg9A2h6Ve9kHy7ydjypLZNdnGfMF1ebnQKIsX?= From: Miroslav Vadkerti <mvadkert@redhat.com> To: selinux@tycho.nsa.gov Subject: [PATCH] semanage: swap tcp and udp protocol numbers Date: Wed, 10 Aug 2016 10:39:10 +0200 Message-Id: <1470818350-3637-1-git-send-email-mvadkert@redhat.com> Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>

Message ID

1470818350-3637-1-git-send-email-mvadkert@redhat.com (mailing list archive)

State

Not Applicable

Headers

IronPort-PHdr: =?us-ascii?q?9a23=3AeKVP4BD22nLNBHpR3VxlUyQJP3N1i/DPJgcQr6Af?=
	=?us-ascii?q?oPdwSP78oMbcNUDSrc9gkEXOFd2CrakV0qyO6Ou4AyRAuc/H6yFaNsQUFlcsso?=
	=?us-ascii?q?Y/p0QYGsmLCEn2frbBThcRO4B8bmJj5GyxKkNPGczzNBX4q3y26iMOSF2kbVIm?=
	=?us-ascii?q?btr8FoOatcmrzef6o8SVOFQRwmLmKusoZFXu9EOK55FQ2dMjYo8KiTLx6kNSfO?=
	=?us-ascii?q?pXwW46bXmypD3bovmKwZh47i5LsOgg/cMTGY/zfqA/UKAKRG9+azN92dfv/SXn?=
	=?us-ascii?q?YUPPoyJEEzZerh0dGAXB7RfnTr/toyD6sax7wyDcMsroHp4uXjH3yqZxTwTsgT?=
	=?us-ascii?q?lPCTc182zNls042KdFqR6iqgZj65TZbIGcKLx1eaaLLoBSfnZIQssED38JOYi7?=
	=?us-ascii?q?dYZaSrNZMA=3D=3D?=
IronPort-PHdr: =?us-ascii?q?9a23=3ADLGWZhwmVLxVpWLXCy+O+j09IxM/srCxBDY+r6Qd?=
	=?us-ascii?q?0ewUIJqq85mqBkHD//Il1AaPBtSCraofwLKM++C4ACpbsM7H6ChDOLV3FDY9wf?=
	=?us-ascii?q?0MmAIhBMPXQWbaF9XNKxIAIcJZSVV+9Gu6O0UGUOz3ZlnVv2HgpWVKQka3CwN5?=
	=?us-ascii?q?K6zPF5LIiIzvjqbpqsSVO14D3GD1Iesrak7n9UOJ7oheqLAhA5558gHOrHpMdr?=
	=?us-ascii?q?Ye7kJTDnXXoSzB4Nyt9oVo6SVatqFp3cdBVaLnY/ZwFuQAX3x1e1wysdbmsRjF?=
	=?us-ascii?q?UBun+moXUmJQlAFBRQfC8kLURJD05w77rO1m3CCEdfP/QbM5Qyijp/NuVhbkiy?=
	=?us-ascii?q?odKxYj/W3Xg9A2h6Ve9kHy7ydjypLZNdnGfMF1ebnQKIsX?=
From: Miroslav Vadkerti <mvadkert@redhat.com>
To: selinux@tycho.nsa.gov
Subject: [PATCH] semanage: swap tcp and udp protocol numbers
Date: Wed, 10 Aug 2016 10:39:10 +0200
Message-Id: <1470818350-3637-1-git-send-email-mvadkert@redhat.com>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>

Commit Message

Miroslav Vadkerti Aug. 10, 2016, 8:39 a.m. UTC

The tcp/udp protocol numbers were accidentaly swapped in
the original patch 'semanage: add auditing of changes in records'.

Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
---
 policycoreutils/semanage/seobject.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

James Carter Aug. 10, 2016, 2:30 p.m. UTC | #1

On 08/10/2016 04:39 AM, Miroslav Vadkerti wrote:
> The tcp/udp protocol numbers were accidentaly swapped in
> the original patch 'semanage: add auditing of changes in records'.
>
> Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>

Applied.

Thanks,
Jim

> ---
>  policycoreutils/semanage/seobject.py | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
> index 317b421..786ed0e 100644
> --- a/policycoreutils/semanage/seobject.py
> +++ b/policycoreutils/semanage/seobject.py
> @@ -88,8 +88,8 @@ file_type_str_to_option = {"all files": "a",
>                             "symbolic link": "l",
>                             "named pipe": "p"}
>
> -proto_to_audit = {"tcp": 17,
> -                  "udp": 6,
> +proto_to_audit = {"tcp": 6,
> +                  "udp": 17,
>                    "ipv4": 4,
>                    "ipv6": 41}
>
>

Chris PeBenito Aug. 14, 2016, 8:23 p.m. UTC | #2

On 08/10/16 04:39, Miroslav Vadkerti wrote:
> The tcp/udp protocol numbers were accidentaly swapped in
> the original patch 'semanage: add auditing of changes in records'.
>
> Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
> ---
>  policycoreutils/semanage/seobject.py | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
> index 317b421..786ed0e 100644
> --- a/policycoreutils/semanage/seobject.py
> +++ b/policycoreutils/semanage/seobject.py
> @@ -88,8 +88,8 @@ file_type_str_to_option = {"all files": "a",
>                             "symbolic link": "l",
>                             "named pipe": "p"}
>
> -proto_to_audit = {"tcp": 17,
> -                  "udp": 6,
> +proto_to_audit = {"tcp": 6,
> +                  "udp": 17,
>                    "ipv4": 4,
>                    "ipv6": 41}

I realize this has already been merged, but why not use existing 
constants such as socket.IPPROTO_TCP and socket.AF_INET rather than hard 
coding the protocol numbers?

Miroslav Vadkerti Aug. 15, 2016, 7:37 a.m. UTC | #3

On Sun, Aug 14, 2016 at 10:23 PM, Chris PeBenito <pebenito@ieee.org> wrote:

> On 08/10/16 04:39, Miroslav Vadkerti wrote:
>
>> The tcp/udp protocol numbers were accidentaly swapped in
>> the original patch 'semanage: add auditing of changes in records'.
>>
>> Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
>> ---
>>  policycoreutils/semanage/seobject.py | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/policycoreutils/semanage/seobject.py
>> b/policycoreutils/semanage/seobject.py
>> index 317b421..786ed0e 100644
>> --- a/policycoreutils/semanage/seobject.py
>> +++ b/policycoreutils/semanage/seobject.py
>> @@ -88,8 +88,8 @@ file_type_str_to_option = {"all files": "a",
>>                             "symbolic link": "l",
>>                             "named pipe": "p"}
>>
>> -proto_to_audit = {"tcp": 17,
>> -                  "udp": 6,
>> +proto_to_audit = {"tcp": 6,
>> +                  "udp": 17,
>>                    "ipv4": 4,
>>                    "ipv6": 41}
>>
>
> I realize this has already been merged, but why not use existing constants
> such as socket.IPPROTO_TCP and socket.AF_INET rather than hard coding the
> protocol numbers?


Yes, ot we could directly use socket.getprotobyname(protocolname) instead
of the dictionary. I will supply a patch today, thanks!



>
>
> --
> Chris PeBenito
>

Miroslav Vadkerti Aug. 15, 2016, 9 a.m. UTC | #4

On Mon, Aug 15, 2016 at 9:37 AM, Miroslav Vadkerti <mvadkert@redhat.com>
wrote:

> On Sun, Aug 14, 2016 at 10:23 PM, Chris PeBenito <pebenito@ieee.org>
> wrote:
>
>> On 08/10/16 04:39, Miroslav Vadkerti wrote:
>>
>>> The tcp/udp protocol numbers were accidentaly swapped in
>>> the original patch 'semanage: add auditing of changes in records'.
>>>
>>> Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
>>> ---
>>>  policycoreutils/semanage/seobject.py | 4 ++--
>>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/policycoreutils/semanage/seobject.py
>>> b/policycoreutils/semanage/seobject.py
>>> index 317b421..786ed0e 100644
>>> --- a/policycoreutils/semanage/seobject.py
>>> +++ b/policycoreutils/semanage/seobject.py
>>> @@ -88,8 +88,8 @@ file_type_str_to_option = {"all files": "a",
>>>                             "symbolic link": "l",
>>>                             "named pipe": "p"}
>>>
>>> -proto_to_audit = {"tcp": 17,
>>> -                  "udp": 6,
>>> +proto_to_audit = {"tcp": 6,
>>> +                  "udp": 17,
>>>                    "ipv4": 4,
>>>                    "ipv6": 41}
>>>
>>
>> I realize this has already been merged, but why not use existing
>> constants such as socket.IPPROTO_TCP and socket.AF_INET rather than hard
>> coding the protocol numbers?
>
>
> Yes, ot we could directly use socket.getprotobyname(protocolname)
> instead of the dictionary. I will supply a patch today, thanks!
>

The patch using socket.getprotobyname(protocolname) has been submmited,
but it is based on top of this patch, so if possible please this one also
so there is no conflict.

Thanks!
/M



>
>
>
>>
>>
>> --
>> Chris PeBenito
>>
>
>
>
> --
> Miroslav Vadkerti :: Senior QE / RHCSS :: BaseOS QE Security
> IRC mvadkert #qe #urt #brno #rpmdiff :: GPG 0x25881087
> Desk Phone +420 532 294 129 :: Mobile +420 773 944 252
> Red Hat Czech s.r.o, Purkyňova 99/71, 612 00, Brno, CR
>
>

diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 317b421..786ed0e 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -88,8 +88,8 @@  file_type_str_to_option = {"all files": "a",
                            "symbolic link": "l",
                            "named pipe": "p"}
 
-proto_to_audit = {"tcp": 17,
-                  "udp": 6,
+proto_to_audit = {"tcp": 6,
+                  "udp": 17,
                   "ipv4": 4,
                   "ipv6": 41}

semanage: swap tcp and udp protocol numbers

Commit Message

Comments

Patch