If ports were labeled using a range, ds_selinux_port_query still thinks that they are not labeled:
{{{
# semanage port -l | grep ldap
ldap_port_t tcp 38930-38969, 389, 636, 3268, 7389
ldap_port_t udp 389, 636
# ds_selinux_port_query 389; echo $?
1
# ds_selinux_port_query 38930; echo $?
0
}}}
As a result, setup-ds.pl attempts to run semanage to label the port and fails, though the instance gets installed.
attachment 0001-Ticket-49108-ds_selinux_port_query-doesn-t-detect-po.patch
{{{
./test.sh
+ semanage port -l
+ grep ldap_port_t
ldap_port_t tcp 38900-38999, 63600-63900, 389, 636, 3268, 7389
ldap_port_t udp 389, 636
+ ds_selinux_port_query 389
+ echo 1
1
+ ds_selinux_port_query.new 389
+ echo 1
1
+ ds_selinux_port_query 389 ldap_port_t
+ echo 1
1
+ ds_selinux_port_query.new 389 ldap_port_t
+ echo 1
1
+ ds_selinux_port_query 389 ssh_port_t
Port belongs to ldap_port_t
+ echo 2
2
+ ds_selinux_port_query.new 389 ssh_port_t
Port belongs to ldap_port_t
+ echo 2
2
+ ds_selinux_port_query 38900
+ echo 0
0
+ ds_selinux_port_query.new 38900
+ echo 1
1
+ ds_selinux_port_query 38900 ldap_port_t
+ echo 0
0
+ ds_selinux_port_query.new 38900 ldap_port_t
+ echo 1
1
+ ds_selinux_port_query 38900 ssh_port_t
+ echo 0
0
+ ds_selinux_port_query.new 38900 ssh_port_t
Port belongs to ldap_port_t
+ echo 2
2
}}}
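A range-aware lookup over `semanage port -l` output, as an added example that is not the project's script or the attached patch. The helper name `port_label_query`, the default type `ldap_port_t` and the `ssh_port_t` sample line are assumptions; the return codes follow the transcript above.

```shell
#!/bin/sh
# Constructed sample in `semanage port -l` format; the ldap_port_t lines are
# copied from the test run in this ticket, the ssh_port_t line is made up.
SAMPLE_PORTS='ldap_port_t   tcp   38900-38999, 63600-63900, 389, 636, 3268, 7389
ldap_port_t   udp   389, 636
ssh_port_t    tcp   22'

# port_label_query PORT [TYPE] [PROTO]   (hypothetical helper, listing on stdin)
# Return codes as seen in the transcript:
#   0 = port is not labeled
#   1 = port is labeled with TYPE (single entry or inside a range)
#   2 = port is labeled with a different type (the type is printed)
port_label_query() {
    awk -v port="$1" -v want="${2:-ldap_port_t}" -v proto="${3:-tcp}" '
    $2 == proto {
        type = $1
        # Everything after the type and protocol columns is the port list.
        list = $0
        sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", list)
        n = split(list, items, /,[ \t]*/)
        for (i = 1; i <= n; i++) {
            lo = hi = items[i]
            # An entry such as 38900-38999 is a range, both ends inclusive.
            if (split(items[i], r, "-") == 2) { lo = r[1]; hi = r[2] }
            # Compare numerically so 389 never matches 3890 or 38900.
            if (port + 0 >= lo + 0 && port + 0 <= hi + 0) {
                if (type == want) found = 1
                else if (other == "") other = type
            }
        }
    }
    END {
        if (found) exit 1
        if (other != "") { print "Port belongs to " other; exit 2 }
        exit 0
    }'
}

# Usage: semanage port -l | port_label_query 38900 ldap_port_t; echo $?
```

A match on the expected type takes precedence over a match on any other type, so a port that falls inside a broad range of another type is still reported as already labeled.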
Great enhancement!
Looks awesome, great solution. Thanks for your work on this :)
Thank you Noriko and William! :)
commit 5e46302
To ssh://git.fedorahosted.org/git/389/ds.git
ad23dc8..5e46302 master -> master
Metadata Update from @nhosoi: - Issue set to the milestone: 1.3.6.0
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/2167
If you want to receive further updates on the issue, please navigate to the github issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)