* [PATCH v2] sepolicy: fix some typos and port definitions
@ 2020-04-30 18:30 Topi Miettinen
2020-05-01 7:37 ` Petr Lautrbach
0 siblings, 1 reply; 3+ messages in thread
From: Topi Miettinen @ 2020-04-30 18:30 UTC (permalink / raw)
To: selinux; +Cc: Topi Miettinen
The range of unreserved ports starts from 1024 and ends to
65535 (inclusive). (Secure) RPC ports can be between 512 and
1023 (inclusive).
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
---
python/sepolicy/sepolicy/generate.py | 4 ++--
python/sepolicy/sepolicy/interface.py | 2 +-
python/sepolicy/sepolicy/network.py | 6 +++---
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
index e8d07e7d..4e1ed4e9 100644
--- a/python/sepolicy/sepolicy/generate.py
+++ b/python/sepolicy/sepolicy/generate.py
@@ -340,7 +340,7 @@ class policy:
(self.generate_root_user_types, self.generate_root_user_rules),
(self.generate_new_types, self.generate_new_rules))
if not re.match(r"^[a-zA-Z0-9-_]+$", name):
- raise ValueError(_("Name must be alpha numeric with no spaces. Consider using option \"-n MODULENAME\""))
+ raise ValueError(_("Name must be alphanumeric with no spaces. Consider using option \"-n MODULENAME\""))
if type == CGI:
self.name = "httpd_%s_script" % name
@@ -438,7 +438,7 @@ class policy:
def set_init_script(self, initscript):
if self.type != DAEMON:
- raise ValueError(_("Only Daemon apps can use an init script.."))
+ raise ValueError(_("Only Daemon apps can use an init script."))
self.initscript = initscript
diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py
index 187419fa..7d4ebd7e 100644
--- a/python/sepolicy/sepolicy/interface.py
+++ b/python/sepolicy/sepolicy/interface.py
@@ -198,7 +198,7 @@ def get_xml_file(if_file):
filename = os.path.basename(if_file).split(".")[0]
rc, output = getstatusoutput("/usr/bin/python3 /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % (basedir + filename))
if rc != 0:
- sys.stderr.write("\n Could not proceed selected interface file.\n")
+ sys.stderr.write("\n Could not process selected interface file.\n")
sys.stderr.write("\n%s" % output)
sys.exit(1)
else:
diff --git a/python/sepolicy/sepolicy/network.py b/python/sepolicy/sepolicy/network.py
index ff308fad..d26a7ce6 100755
--- a/python/sepolicy/sepolicy/network.py
+++ b/python/sepolicy/sepolicy/network.py
@@ -49,15 +49,15 @@ def get_network_connect(src, protocol, perm, check_bools=False):
if "port_t" in tlist:
continue
if i == "port_t":
- d[(src, protocol, perm)].append((i, ["all ports with out defined types"]))
+ d[(src, protocol, perm)].append((i, ["all ports without defined types"]))
if i == "port_type":
d[(src, protocol, perm)].append((i, ["all ports"]))
elif i == "unreserved_port_type":
- d[(src, protocol, perm)].append((i, ["all ports > 1024"]))
+ d[(src, protocol, perm)].append((i, ["all ports >= 1024"]))
elif i == "reserved_port_type":
d[(src, protocol, perm)].append((i, ["all ports < 1024"]))
elif i == "rpc_port_type":
- d[(src, protocol, perm)].append((i, ["all ports > 500 and < 1024"]))
+ d[(src, protocol, perm)].append((i, ["all ports >= 512 and < 1024"]))
else:
try:
d[(src, protocol, perm)].append((i, portrecs[(i, protocol)]))
--
2.26.2
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH v2] sepolicy: fix some typos and port definitions
2020-04-30 18:30 [PATCH v2] sepolicy: fix some typos and port definitions Topi Miettinen
@ 2020-05-01 7:37 ` Petr Lautrbach
2020-05-04 8:44 ` Petr Lautrbach
0 siblings, 1 reply; 3+ messages in thread
From: Petr Lautrbach @ 2020-05-01 7:37 UTC (permalink / raw)
To: selinux; +Cc: Topi Miettinen
[-- Attachment #1: Type: text/plain, Size: 4035 bytes --]
On Thu, Apr 30, 2020 at 09:30:35PM +0300, Topi Miettinen wrote:
> The range of unreserved ports starts from 1024 and ends to
> 65535 (inclusive). (Secure) RPC ports can be between 512 and
> 1023 (inclusive).
>
> Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
Thanks!
It there's no other comment I'll merge this and the other patch on Monday.
> ---
> python/sepolicy/sepolicy/generate.py | 4 ++--
> python/sepolicy/sepolicy/interface.py | 2 +-
> python/sepolicy/sepolicy/network.py | 6 +++---
> 3 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
> index e8d07e7d..4e1ed4e9 100644
> --- a/python/sepolicy/sepolicy/generate.py
> +++ b/python/sepolicy/sepolicy/generate.py
> @@ -340,7 +340,7 @@ class policy:
> (self.generate_root_user_types, self.generate_root_user_rules),
> (self.generate_new_types, self.generate_new_rules))
> if not re.match(r"^[a-zA-Z0-9-_]+$", name):
> - raise ValueError(_("Name must be alpha numeric with no spaces. Consider using option \"-n MODULENAME\""))
> + raise ValueError(_("Name must be alphanumeric with no spaces. Consider using option \"-n MODULENAME\""))
>
> if type == CGI:
> self.name = "httpd_%s_script" % name
> @@ -438,7 +438,7 @@ class policy:
>
> def set_init_script(self, initscript):
> if self.type != DAEMON:
> - raise ValueError(_("Only Daemon apps can use an init script.."))
> + raise ValueError(_("Only Daemon apps can use an init script."))
>
> self.initscript = initscript
>
> diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py
> index 187419fa..7d4ebd7e 100644
> --- a/python/sepolicy/sepolicy/interface.py
> +++ b/python/sepolicy/sepolicy/interface.py
> @@ -198,7 +198,7 @@ def get_xml_file(if_file):
> filename = os.path.basename(if_file).split(".")[0]
> rc, output = getstatusoutput("/usr/bin/python3 /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % (basedir + filename))
> if rc != 0:
> - sys.stderr.write("\n Could not proceed selected interface file.\n")
> + sys.stderr.write("\n Could not process selected interface file.\n")
> sys.stderr.write("\n%s" % output)
> sys.exit(1)
> else:
> diff --git a/python/sepolicy/sepolicy/network.py b/python/sepolicy/sepolicy/network.py
> index ff308fad..d26a7ce6 100755
> --- a/python/sepolicy/sepolicy/network.py
> +++ b/python/sepolicy/sepolicy/network.py
> @@ -49,15 +49,15 @@ def get_network_connect(src, protocol, perm, check_bools=False):
> if "port_t" in tlist:
> continue
> if i == "port_t":
> - d[(src, protocol, perm)].append((i, ["all ports with out defined types"]))
> + d[(src, protocol, perm)].append((i, ["all ports without defined types"]))
> if i == "port_type":
> d[(src, protocol, perm)].append((i, ["all ports"]))
> elif i == "unreserved_port_type":
> - d[(src, protocol, perm)].append((i, ["all ports > 1024"]))
> + d[(src, protocol, perm)].append((i, ["all ports >= 1024"]))
> elif i == "reserved_port_type":
> d[(src, protocol, perm)].append((i, ["all ports < 1024"]))
> elif i == "rpc_port_type":
> - d[(src, protocol, perm)].append((i, ["all ports > 500 and < 1024"]))
> + d[(src, protocol, perm)].append((i, ["all ports >= 512 and < 1024"]))
> else:
> try:
> d[(src, protocol, perm)].append((i, portrecs[(i, protocol)]))
> --
> 2.26.2
>
--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH v2] sepolicy: fix some typos and port definitions
2020-05-01 7:37 ` Petr Lautrbach
@ 2020-05-04 8:44 ` Petr Lautrbach
0 siblings, 0 replies; 3+ messages in thread
From: Petr Lautrbach @ 2020-05-04 8:44 UTC (permalink / raw)
To: selinux; +Cc: Topi Miettinen
[-- Attachment #1: Type: text/plain, Size: 4163 bytes --]
On Fri, May 01, 2020 at 09:37:34AM +0200, Petr Lautrbach wrote:
> On Thu, Apr 30, 2020 at 09:30:35PM +0300, Topi Miettinen wrote:
> > The range of unreserved ports starts from 1024 and ends to
> > 65535 (inclusive). (Secure) RPC ports can be between 512 and
> > 1023 (inclusive).
> >
> > Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
>
> Acked-by: Petr Lautrbach <plautrba@redhat.com>
>
> Thanks!
>
> It there's no other comment I'll merge this and the other patch on Monday.
Both applied.
>
> > ---
> > python/sepolicy/sepolicy/generate.py | 4 ++--
> > python/sepolicy/sepolicy/interface.py | 2 +-
> > python/sepolicy/sepolicy/network.py | 6 +++---
> > 3 files changed, 6 insertions(+), 6 deletions(-)
> >
> > diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
> > index e8d07e7d..4e1ed4e9 100644
> > --- a/python/sepolicy/sepolicy/generate.py
> > +++ b/python/sepolicy/sepolicy/generate.py
> > @@ -340,7 +340,7 @@ class policy:
> > (self.generate_root_user_types, self.generate_root_user_rules),
> > (self.generate_new_types, self.generate_new_rules))
> > if not re.match(r"^[a-zA-Z0-9-_]+$", name):
> > - raise ValueError(_("Name must be alpha numeric with no spaces. Consider using option \"-n MODULENAME\""))
> > + raise ValueError(_("Name must be alphanumeric with no spaces. Consider using option \"-n MODULENAME\""))
> >
> > if type == CGI:
> > self.name = "httpd_%s_script" % name
> > @@ -438,7 +438,7 @@ class policy:
> >
> > def set_init_script(self, initscript):
> > if self.type != DAEMON:
> > - raise ValueError(_("Only Daemon apps can use an init script.."))
> > + raise ValueError(_("Only Daemon apps can use an init script."))
> >
> > self.initscript = initscript
> >
> > diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py
> > index 187419fa..7d4ebd7e 100644
> > --- a/python/sepolicy/sepolicy/interface.py
> > +++ b/python/sepolicy/sepolicy/interface.py
> > @@ -198,7 +198,7 @@ def get_xml_file(if_file):
> > filename = os.path.basename(if_file).split(".")[0]
> > rc, output = getstatusoutput("/usr/bin/python3 /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % (basedir + filename))
> > if rc != 0:
> > - sys.stderr.write("\n Could not proceed selected interface file.\n")
> > + sys.stderr.write("\n Could not process selected interface file.\n")
> > sys.stderr.write("\n%s" % output)
> > sys.exit(1)
> > else:
> > diff --git a/python/sepolicy/sepolicy/network.py b/python/sepolicy/sepolicy/network.py
> > index ff308fad..d26a7ce6 100755
> > --- a/python/sepolicy/sepolicy/network.py
> > +++ b/python/sepolicy/sepolicy/network.py
> > @@ -49,15 +49,15 @@ def get_network_connect(src, protocol, perm, check_bools=False):
> > if "port_t" in tlist:
> > continue
> > if i == "port_t":
> > - d[(src, protocol, perm)].append((i, ["all ports with out defined types"]))
> > + d[(src, protocol, perm)].append((i, ["all ports without defined types"]))
> > if i == "port_type":
> > d[(src, protocol, perm)].append((i, ["all ports"]))
> > elif i == "unreserved_port_type":
> > - d[(src, protocol, perm)].append((i, ["all ports > 1024"]))
> > + d[(src, protocol, perm)].append((i, ["all ports >= 1024"]))
> > elif i == "reserved_port_type":
> > d[(src, protocol, perm)].append((i, ["all ports < 1024"]))
> > elif i == "rpc_port_type":
> > - d[(src, protocol, perm)].append((i, ["all ports > 500 and < 1024"]))
> > + d[(src, protocol, perm)].append((i, ["all ports >= 512 and < 1024"]))
> > else:
> > try:
> > d[(src, protocol, perm)].append((i, portrecs[(i, protocol)]))
> > --
> > 2.26.2
> >
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-05-04 8:44 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-04-30 18:30 [PATCH v2] sepolicy: fix some typos and port definitions Topi Miettinen
2020-05-01 7:37 ` Petr Lautrbach
2020-05-04 8:44 ` Petr Lautrbach
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.