3

nm�a@�@sDdd
lZej
ddd�Z
e
jZddlTddlmZ
Gdd�de�Zd
S)	�Nzsetroubleshoot-pluginsT)
Zfallback)
�
*)
�Pluginc@sLeZ
dZed
�
Zed�
Zed�
ZdZed�
ZdZ	dd�Z
d	d
�Zdd�Zd
S)�pluginzO
    SELinux is preventing $SOURCE_PATH from binding to port $PORT_NUMBER.
    a�

    SELinux has denied the $SOURCE from binding to a network port $PORT_NUMBER which does not have an SELinux type associated with it.
    If $SOURCE should be allowed to listen on $PORT_NUMBER, use the <i>semanage</i> command to assign $PORT_NUMBER to a port type that $SOURCE_TYPE can bind to (%s).
    

If $SOURCE is not supposed
    to bind to $PORT_NUMBER, this could signal an intrusion attempt.
    aI

    If you want to allow $SOURCE to bind to port $PORT_NUMBER, you can execute 

    # semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER
    
where PORT_TYPE is one of the following: %s.

    

If this system is running as an NIS Client, turning on the allow_ypbind boolean may fix the problem.  setsebool -P allow_ypbind=1.
    �zFIf you want to allow $SOURCE_PATH to bind to network port $PORT_NUMBERz!you need to modify the port type.cCsB|d
jd�
}t
|�
d
kr&td�
|Std�
|d
|dfSdS)N�
�
,zc# semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER
    where PORT_TYPE is one of the following: %s.z+# semanage port -a -t %s -p %s $PORT_NUMBERr
)�split�len�
_)�self�avcZoptionsZports�r
�//usr/share/setroubleshoot/plugins/bind_ports.py�get_do_text2s





zplugin.get_do_textc

Cstj
|t�
|jd
�

dS)N�d)r�__init__�__name__Zset_priority)
rr
r
rr:s

zplugin.__init__cCsN|
jd
dddg�
rJ|
j
dg
�
rJ|
j�}|rJ|j|
jjd�
ddj|�
f�
SdS)	NZhi_reserved_port_tZreserved_port_tZport_tZunreserved_port_tZ	name_bindr
r
z, )Zmatches_target_typesZhas_any_access_inZallowed_target_typesZreportZtclassr�join)rrZ
allowed_typesr
r
r�analyze>s



 zplugin.analyzeN)
r�
__module__�__qualname__r
ZsummaryZproblem_descriptionZfix_descriptionZfix_cmdZif_textZ	then_textrrrr
r
r
rrs


r)�gettextZtranslationr
Zsetroubleshoot.utilZsetroubleshoot.Pluginrrr
r
r
r�<module>s