Bug 1225810 - semanage port -l omits reserved_port_t definition (ports < 512)
Summary: semanage port -l omits reserved_port_t definition (ports < 512)
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: policycoreutils
Version: 7.1
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Petr Lautrbach
QA Contact: Dalibor Pospíšil
URL:
Whiteboard:
Keywords:
: 1270888 (view as bug list)
Depends On:
Blocks: 1377248
TreeView+ depends on / blocked
 
Reported: 2015-05-28 09:31 UTC by Milos Malik
Modified: 2017-08-01 16:16 UTC (History)
8 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2017-08-01 16:16:12 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:1883 normal SHIPPED_LIVE policycoreutils bug fix update 2017-08-01 17:53:54 UTC

Description Milos Malik 2015-05-28 09:31:37 UTC
Description of problem:
 * found a discrepancy between the output of seinfo --portcon and semanage port -l
 * not sure which component to blame

Version-Release number of selected component (if applicable):
libselinux-2.2.2-6.el7.x86_64
libselinux-devel-2.2.2-6.el7.x86_64
libselinux-python-2.2.2-6.el7.x86_64
libselinux-ruby-2.2.2-6.el7.x86_64
libselinux-utils-2.2.2-6.el7.x86_64
libsemanage-2.1.10-16.el7.x86_64
libsemanage-python-2.1.10-16.el7.x86_64
libsepol-2.1.9-3.el7.x86_64
libsepol-devel-2.1.9-3.el7.x86_64
policycoreutils-2.2.5-15.el7.x86_64
policycoreutils-devel-2.2.5-15.el7.x86_64
policycoreutils-newrole-2.2.5-15.el7.x86_64
policycoreutils-python-2.2.5-15.el7.x86_64
policycoreutils-restorecond-2.2.5-15.el7.x86_64
policycoreutils-sandbox-2.2.5-15.el7.x86_64
selinux-policy-3.13.1-25.el7.noarch
selinux-policy-devel-3.13.1-25.el7.noarch
selinux-policy-doc-3.13.1-25.el7.noarch
selinux-policy-minimum-3.13.1-25.el7.noarch
selinux-policy-mls-3.13.1-25.el7.noarch
selinux-policy-sandbox-3.13.1-25.el7.noarch
selinux-policy-targeted-3.13.1-25.el7.noarch

How reproducible:
always

Steps to Reproduce:
# seinfo --portcon | grep reser
	portcon tcp 512-1023 system_u:object_r:hi_reserved_port_t:s0
	portcon udp 512-1023 system_u:object_r:hi_reserved_port_t:s0
	portcon tcp 1-511 system_u:object_r:reserved_port_t:s0
	portcon udp 1-511 system_u:object_r:reserved_port_t:s0
	portcon tcp 1024-32767 system_u:object_r:unreserved_port_t:s0
	portcon tcp 61001-65535 system_u:object_r:unreserved_port_t:s0
	portcon udp 1024-32767 system_u:object_r:unreserved_port_t:s0
	portcon udp 61001-65535 system_u:object_r:unreserved_port_t:s0
# semanage port -l | grep reser
hi_reserved_port_t             tcp      512-1023
hi_reserved_port_t             udp      512-1023
unreserved_port_t              tcp      1024-32767, 61001-65535
unreserved_port_t              udp      1024-32767, 61001-65535
# 

Actual results:
 * seinfo knows the definition of reserved_port_t
 * semanage does not

Expected results:
 * both seinfo and semanage know the definition of reserved_port_t

Comment 2 Dalibor Pospíšil 2016-05-10 15:12:55 UTC
*** Bug 1270888 has been marked as a duplicate of this bug. ***

Comment 7 Petr Lautrbach 2017-01-23 11:28:55 UTC
The patch is applied on seobject.py while the version in Red Hat Enterprise Linux 7 uses seobject/__init__.py therefore the patch needs to be adapted to this file as well.

Comment 10 errata-xmlrpc 2017-08-01 16:16:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1883


Note You need to log in before you can comment on or make changes to this bug.