SELinux Mailing List
subject: [SEMANAGE][SEPOL] Enable ports
Date: Fri, 23 Dec 2005 21:08:51 -0500
So, this patch takes the simplest possible approach - a key matches if low = low2, high = high2, and proto = proto2. This means that at the key level, ranges 10-20 and 15-30 are completely different, even though they overlap and represent the same ports.

Two ranges with matching bounds and protocol are not allowed, but they can overlap inexactly. In that case, the one added later takes precedence, and is written at the end of the file (and pushed at the beginning of the list in the policydb). If additional overlap checks are needed, they should be implemented at the libsemanage client.

This brings up an interesting point - if ordering of records matters, then some thought should go into which way iterate() loops over the records... (and what order list() returns). Currently for files, the ordering is backwards to what appears in the file (not sure what policydb does).
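The key matching and ordering described in the message, together with one possible client-side overlap check, as an added example that is not part of the original post and is not libsemanage or libsepol code. The `port_rec` struct and the `port_*` functions are hypothetical names, and the contexts are constructed sample values.

```c
#include <stdio.h>

/* Hypothetical record type for this example, not the libsemanage/libsepol struct. */
#define PROTO_TCP 6
typedef struct port_rec {
    int low, high, proto;        /* inclusive port range and protocol number */
    const char *context;         /* constructed sample label */
    struct port_rec *next;
} port_rec;

/* Key match as the message states it: exact bounds and protocol only. */
static int port_key_equal(const port_rec *a, const port_rec *b) {
    return a->low == b->low && a->high == b->high && a->proto == b->proto;
}

/* Client-side check: same protocol and intersecting inclusive ranges. */
static int port_overlaps(const port_rec *a, const port_rec *b) {
    return a->proto == b->proto && a->low <= b->high && b->low <= a->high;
}

/* Push rec at the head of the list. Returns -1 if the exact key already exists.
 * On success, *shadowed is the number of older records rec overlaps inexactly. */
static int port_add(port_rec **head, port_rec *rec, int *shadowed) {
    *shadowed = 0;
    for (const port_rec *p = *head; p; p = p->next) {
        if (port_key_equal(p, rec)) return -1;
        if (port_overlaps(p, rec)) (*shadowed)++;
    }
    rec->next = *head;
    *head = rec;
    return 0;
}

/* First match from the head wins, so the record added later takes precedence. */
static const char *port_lookup(const port_rec *head, int port, int proto) {
    for (const port_rec *p = head; p; p = p->next)
        if (p->proto == proto && p->low <= port && port <= p->high)
            return p->context;
    return NULL;
}

int main(void) {
    port_rec a = {10, 20, PROTO_TCP, "system_u:object_r:example_a_port_t", NULL};
    port_rec b = {15, 30, PROTO_TCP, "system_u:object_r:example_b_port_t", NULL};
    port_rec *head = NULL;
    int n;
    port_add(&head, &a, &n);
    port_add(&head, &b, &n);     /* accepted: different key, n == 1 overlap */
    printf("tcp/17 -> %s (new record overlaps %d older)\n", port_lookup(head, 17, PROTO_TCP), n);
    return 0;
}
```

A client that wants to refuse or warn on inexact overlaps can act on the `shadowed` count before committing the record, since the older label silently stops applying to the shared ports.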
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009