semanage tool add port indicates non existant error

Bug #193945 reported by Tobias Mayer
2
Affects Status Importance Assigned to Milestone
policycoreutils (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: policycoreutils

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.04
DISTRIB_CODENAME=hardy
DISTRIB_DESCRIPTION="Ubuntu hardy (development branch)"

||/ Name Version Description
+++-==========================================-============================-============================================
ii policycoreutils 2.0.43-0ubuntu1+ppa3 SELinux core policy utilities

when i try to combine a certain port type to a port number like this:
semanage port --add --proto tcp --type boxbackup_port_t 2201

the output is:
--proto not valid for port objects

however, semanage port -l shows that the port gets registered.

semanage port --delete shows the same behaviour.

Revision history for this message
Caleb Case (calebcase) wrote :

This bug has been patched and merged upstream. I have a patch in my bzr repo and it should go into the next package update (hopefully ;o}

Thanks for the report,

Caleb

------------------------------------------------------------------------
r2849 | ssmalley | 2008-03-18 16:25:27 -0400 (Tue, 18 Mar 2008) | 33 lines

Author: Caleb Case
Email: <email address hidden>
Subject: policycoreutils semanage --proto --protocol inconsistent flags
Date: Tue, 18 Mar 2008 10:31:16 -0400

semanage --help indicates two conflicting ways of using the port protocol flag:

# semanage --help | grep proto
semanage port -{a|d|m} [-tr] [ -p protocol ] port | port_range
 -p, --proto Port protocol (tcp or udp)

That is --protocol and --proto.

The code paths are similarly conflicted with --protocol as the 'valid_option', but --proto as the flag actually used in getopt. This results in --protocol not being recognized:

# semanage port -t ftp_port_t -a --protocol tcp 12345
/usr/sbin/semanage: Options Error option --protocol not recognized

The port is not added in this case.

Using --proto instead results in a 'not valid for port objects' error, but the error is ignored and the port added:

# semanage port -t ftp_port_t -a --proto tcp 12345
--proto not valid for port objects

# semanage port -l | grep 12345
ftp_port_t tcp 12345, 21

The man pages for semanage are also inconsistent.

This patch resolves the inconsistency to use --proto.

Daniel T Chen (crimsun)
Changed in policycoreutils:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers