a èZ`@ ã@sDddlZejdddZejZddlTddlmZGdd„deƒZdS) éNzsetroubleshoot-pluginsT)Zfallback)Ú*)ÚPluginc@sLeZdZedƒZedƒZedƒZdZedƒZdZ dd„Z d d „Z d d „Z d S)ÚpluginzO SELinux is preventing $SOURCE_PATH from binding to port $PORT_NUMBER. a˜ SELinux has denied the $SOURCE from binding to a network port $PORT_NUMBER which does not have an SELinux type associated with it. If $SOURCE should be allowed to listen on $PORT_NUMBER, use the semanage command to assign $PORT_NUMBER to a port type that $SOURCE_TYPE can bind to (%s). If $SOURCE is not supposed to bind to $PORT_NUMBER, this could signal an intrusion attempt. aI If you want to allow $SOURCE to bind to port $PORT_NUMBER, you can execute # semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER where PORT_TYPE is one of the following: %s. If this system is running as an NIS Client, turning on the allow_ypbind boolean may fix the problem. setsebool -P allow_ypbind=1. ÚzFIf you want to allow $SOURCE_PATH to bind to network port $PORT_NUMBERz!you need to modify the port type.cCsB|d d¡}t|ƒdkr&tdƒ|Stdƒ|d|dfSdS)Néú,zc# semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER where PORT_TYPE is one of the following: %s.z+# semanage port -a -t %s -p %s $PORT_NUMBERr)ÚsplitÚlenÚ_)ÚselfÚavcZoptionsZports©r ú//usr/share/setroubleshoot/plugins/bind_ports.pyÚ get_do_text2s  ÿzplugin.get_do_textcCst |t¡| d¡dS)Néd)rÚ__init__Ú__name__Z set_priority)r r r rr:s zplugin.__init__cCsJ| gd¢¡rF| dg¡rF| ¡}|rF| |j d¡dd |¡f¡SdS)N)Zhi_reserved_port_tZreserved_port_tZport_tZunreserved_port_tZ name_bindr rz, )Zmatches_target_typesZhas_any_access_inZallowed_target_typesZreportZtclassrÚjoin)r r Z allowed_typesr r rÚanalyze>s ÿ zplugin.analyzeN) rÚ __module__Ú __qualname__r ZsummaryZproblem_descriptionZfix_descriptionZfix_cmdZif_textZ then_textrrrr r r rrsr)ÚgettextZ translationr Zsetroubleshoot.utilZsetroubleshoot.Pluginrrr r r rÚs