#49108 ds_selinux_port_query doesn't detect ports labeled with range
Closed: wontfix None Opened 7 years ago by vashirov.

If ports were labeled using range, ds_selinux_port_query still thinks that they are not labeled:

{{{
# semanage port -l | grep ldap
ldap_port_t                    tcp      38930-38969, 389, 636, 3268, 7389
ldap_port_t                    udp      389, 636
# ds_selinux_port_query 389; echo $?
1
# ds_selinux_port_query 38930; echo $?
0
}}}

As a result, setup-ds.pl attempts to run semanage to label the port and fails, though the instance gets installed.


{{{
./test.sh
+ semanage port -l
+ grep ldap_port_t
ldap_port_t tcp 38900-38999, 63600-63900, 389, 636, 3268, 7389
ldap_port_t udp 389, 636
+ ds_selinux_port_query 389
+ echo 1
1
+ ds_selinux_port_query.new 389
+ echo 1
1
+ ds_selinux_port_query 389 ldap_port_t
+ echo 1
1
+ ds_selinux_port_query.new 389 ldap_port_t
+ echo 1
1
+ ds_selinux_port_query 389 ssh_port_t
Port belongs to ldap_port_t
+ echo 2
2
+ ds_selinux_port_query.new 389 ssh_port_t
Port belongs to ldap_port_t
+ echo 2
2
+ ds_selinux_port_query 38900
+ echo 0
0
+ ds_selinux_port_query.new 38900
+ echo 1
1
+ ds_selinux_port_query 38900 ldap_port_t
+ echo 0
0
+ ds_selinux_port_query.new 38900 ldap_port_t
+ echo 1
1
+ ds_selinux_port_query 38900 ssh_port_t
+ echo 0
0
+ ds_selinux_port_query.new 38900 ssh_port_t
Port belongs to ldap_port_t
+ echo 2
2
}}}
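
A range-aware lookup over `semanage port -l` output, added here as an illustration; it is not the `ds_selinux_port_query` script or the committed fix. The function names, the sample text, the default type and the status convention (0 = not labeled, 1 = labeled with the requested type, 2 = labeled with another type, inferred from the `.new` results in the test output above) are assumptions.

```python
import re

# Constructed sample: the two ldap_port_t lines follow the listing quoted in
# this ticket; the ssh_port_t and unreserved_port_t lines are constructed.
SAMPLE = """\
SELinux Port Type              Proto    Port Number

ldap_port_t                    tcp      38900-38999, 63600-63900, 389, 636, 3268, 7389
ldap_port_t                    udp      389, 636
ssh_port_t                     tcp      22
unreserved_port_t              tcp      1024-32767
"""

def parse_port_table(text):
    """Return (type, proto, low, high) tuples; a single port has low == high."""
    entries = []
    for line in text.splitlines():
        fields = line.split(None, 2)
        if len(fields) != 3:
            continue  # blank line
        setype, proto, ports = fields
        for item in ports.split(","):
            # Accept "389" as well as "38900-38999"; the header line fails here.
            m = re.fullmatch(r"\s*(\d+)(?:\s*-\s*(\d+))?\s*", item)
            if m:
                low = int(m.group(1))
                entries.append((setype, proto, low, int(m.group(2) or low)))
    return entries

def query_port(text, port, wanted="ldap_port_t", proto="tcp"):
    """Return (status, type) using the assumed 0/1/2 convention."""
    hits = [(high - low, setype)
            for setype, p, low, high in parse_port_table(text)
            if p == proto and low <= port <= high]
    if not hits:
        return 0, None
    if any(setype == wanted for _, setype in hits):
        return 1, wanted
    # Overlapping ranges: report the narrowest match (a choice of this example).
    return 2, min(hits)[1]

if __name__ == "__main__":
    for port, wanted in [(389, "ldap_port_t"), (38900, "ldap_port_t"), (38900, "ssh_port_t")]:
        print(port, wanted, query_port(SAMPLE, port, wanted))
```
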

Looks awesome, great solution. Thanks for your work on this :)

Thank you Noriko and William! :)

commit 5e46302
To ssh://git.fedorahosted.org/git/389/ds.git
ad23dc8..5e46302 master -> master

Metadata Update from @nhosoi:
- Issue set to the milestone: 1.3.6.0

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/2167

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago
