rpms/policycoreutils/devel policycoreutils-rhat.patch, 1.142, 1.143 policycoreutils.spec, 1.211, 1.212
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Jan 10 17:13:03 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/policycoreutils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv21772
Modified Files:
policycoreutils-rhat.patch policycoreutils.spec
Log Message:
* Tue Jan 10 2006 Dan Walsh <dwalsh at redhat.com> 1.29.5-2
- Update semanage and split out seobject
- Fix labeling of home_root
policycoreutils-rhat.patch:
scripts/genhomedircon | 6
semanage/Makefile | 4
semanage/semanage | 376 ++------------------------
semanage/seobject.py | 722 ++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 761 insertions(+), 347 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.142
retrieving revision 1.143
diff -u -r1.142 -r1.143
--- policycoreutils-rhat.patch 5 Jan 2006 21:39:11 -0000 1.142
+++ policycoreutils-rhat.patch 10 Jan 2006 17:12:58 -0000 1.143
@@ -1,201 +1,381 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.4/semanage/semanage
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.5/scripts/genhomedircon
+--- nsapolicycoreutils/scripts/genhomedircon 2006-01-05 10:35:49.000000000 -0500
++++ policycoreutils-1.29.5/scripts/genhomedircon 2006-01-10 12:11:48.000000000 -0500
+@@ -144,7 +144,7 @@
+ for i in fd.read().split('\n'):
+ if i.find("HOME_ROOT") == 0:
+ i=i.replace("HOME_ROOT", homedir)
+- ret = i+"\n"
++ ret += i+"\n"
+ fd.close()
+ if ret=="":
+ errorExit("No Home Root Context Found")
+@@ -240,7 +240,7 @@
+ i=i.replace("HOME_DIR", home)
+ i=i.replace("ROLE", role)
+ i=i.replace("system_u", user)
+- ret = ret+i+"\n"
++ ret += i+"\n"
+ fd.close()
+ return ret
+
+@@ -252,7 +252,7 @@
+ i=i.replace("USER", user)
+ i=i.replace("ROLE", role)
+ i=i.replace("system_u", sel_user)
+- ret=ret+i+"\n"
++ ret = i+"\n"
+ fd.close()
+ return ret
+
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/Makefile policycoreutils-1.29.5/semanage/Makefile
+--- nsapolicycoreutils/semanage/Makefile 2005-11-29 10:55:01.000000000 -0500
++++ policycoreutils-1.29.5/semanage/Makefile 2006-01-06 14:34:47.000000000 -0500
+@@ -2,6 +2,8 @@
+ PREFIX ?= ${DESTDIR}/usr
+ SBINDIR ?= $(PREFIX)/sbin
+ MANDIR = $(PREFIX)/share/man
++PYLIBVER ?= python2.4
++PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
+
+ TARGETS=semanage
+
+@@ -12,6 +14,8 @@
+ -mkdir -p $(SBINDIR)
+ install -m 755 semanage $(SBINDIR)
+ install -m 644 semanage.8 $(MANDIR)/man8
++ test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages
++ install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages
+
+ clean:
+
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.5/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2006-01-05 10:35:49.000000000 -0500
-+++ policycoreutils-1.29.4/semanage/semanage 2006-01-05 16:27:42.000000000 -0500
-@@ -20,15 +20,20 @@
++++ policycoreutils-1.29.5/semanage/semanage 2006-01-06 14:41:04.000000000 -0500
+@@ -20,345 +20,9 @@
# 02111-1307 USA
#
#
-+
- import commands, sys, os, pwd, string, getopt, pwd
- from semanage import *;
+-import commands, sys, os, pwd, string, getopt, pwd
+-from semanage import *;
-class loginRecords:
-+class semanageRecords:
- def __init__(self):
- self.sh = semanage_handle_create()
- self.semanaged = semanage_is_managed(self.sh)
- if self.semanaged:
- semanage_connect(self.sh)
-
-+class loginRecords(semanageRecords):
-+ def __init__(self):
-+ semanageRecords.__init__(self)
-+
- def add(self, name, sename, serange):
- if serange == "":
- serange = "s0"
-@@ -80,7 +85,7 @@
- if sename != "":
- semanage_seuser_set_sename(self.sh, u, sename)
- semanage_begin_transaction(self.sh)
+- def __init__(self):
+- self.sh = semanage_handle_create()
+- self.semanaged = semanage_is_managed(self.sh)
+- if self.semanaged:
+- semanage_connect(self.sh)
+-
+- def add(self, name, sename, serange):
+- if serange == "":
+- serange = "s0"
+- if sename == "":
+- sename = "user_u"
+-
+- (rc,k) = semanage_seuser_key_create(self.sh, name)
+- if rc < 0:
+- raise ValueError("Could not create a key for %s" % name)
+-
+- (rc,exists) = semanage_seuser_exists(self.sh, k)
+- if exists:
+- raise ValueError("SELinux User %s mapping already defined" % name)
+- try:
+- pwd.getpwnam(name)
+- except:
+- raise ValueError("Linux User %s does not exist" % name)
+-
+- (rc,u) = semanage_seuser_create(self.sh)
+- if rc < 0:
+- raise ValueError("Could not create seuser for %s" % name)
+-
+- semanage_seuser_set_name(self.sh, u, name)
+- semanage_seuser_set_mlsrange(self.sh, u, serange)
+- semanage_seuser_set_sename(self.sh, u, sename)
+- semanage_begin_transaction(self.sh)
+- semanage_seuser_add(self.sh, k, u)
+- if semanage_commit(self.sh) < 0:
+- raise ValueError("Failed to add SELinux user mapping")
+-
+- def modify(self, name, sename = "", serange = ""):
+- (rc,k) = semanage_seuser_key_create(self.sh, name)
+- if rc < 0:
+- raise ValueError("Could not create a key for %s" % name)
+-
+- if sename == "" and serange == "":
+- raise ValueError("Requires, seuser or serange")
+-
+- (rc,exists) = semanage_seuser_exists(self.sh, k)
+- if exists:
+- (rc,u) = semanage_seuser_query(self.sh, k)
+- if rc < 0:
+- raise ValueError("Could not query seuser for %s" % name)
+- else:
+- raise ValueError("SELinux user %s mapping is not defined." % name)
+-
+- if serange != "":
+- semanage_seuser_set_mlsrange(self.sh, u, serange)
+- if sename != "":
+- semanage_seuser_set_sename(self.sh, u, sename)
+- semanage_begin_transaction(self.sh)
- semanage_seuser_modify(self.sh, k, u)
-+ semanage_seuser_modify_local(self.sh, k, u)
- if semanage_commit(self.sh) < 0:
- raise ValueError("Failed to modify SELinux user mapping")
-
-@@ -107,13 +112,9 @@
- name = semanage_seuser_get_name(u)
- print "%-25s %-25s %-25s" % (name, semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
-
+- if semanage_commit(self.sh) < 0:
+- raise ValueError("Failed to modify SELinux user mapping")
+-
+-
+- def delete(self, name):
+- (rc,k) = semanage_seuser_key_create(self.sh, name)
+- if rc < 0:
+- raise ValueError("Could not create a key for %s" % name)
+-
+- (rc,exists) = semanage_seuser_exists(self.sh, k)
+- if not exists:
+- raise ValueError("SELinux user %s mapping is not defined." % name)
+- semanage_begin_transaction(self.sh)
+- semanage_seuser_del(self.sh, k)
+- if semanage_commit(self.sh) < 0:
+- raise ValueError("SELinux User %s mapping not defined" % name)
+-
+- def list(self,heading=1):
+- if heading:
+- print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")
+- (status, self.ulist, self.usize) = semanage_seuser_list(self.sh)
+- for idx in range(self.usize):
+- u = semanage_seuser_by_idx(self.ulist, idx)
+- name = semanage_seuser_get_name(u)
+- print "%-25s %-25s %-25s" % (name, semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
+-
-class seluserRecords:
-+class seluserRecords(semanageRecords):
- def __init__(self):
+- def __init__(self):
- roles = []
- self.sh = semanage_handle_create()
- self.semanaged = semanage_is_managed(self.sh)
- if self.semanaged:
- semanage_connect(self.sh)
-+ semanageRecords.__init__(self)
-
- def add(self, name, roles, selevel, serange):
- if serange == "":
-@@ -125,11 +126,9 @@
- if rc < 0:
- raise ValueError("Could not create a key for %s" % name)
-
+-
+- def add(self, name, roles, selevel, serange):
+- if serange == "":
+- serange = "s0"
+- if selevel == "":
+- selevel = "s0"
+-
+- (rc,k) = semanage_user_key_create(self.sh, name)
+- if rc < 0:
+- raise ValueError("Could not create a key for %s" % name)
+-
- (rc,exists) = semanage_user_exists_local(self.sh, k)
-+ (rc,exists) = semanage_user_exists(self.sh, k)
- if not exists:
+- if not exists:
- (rc,exists) = semanage_user_exists(self.sh, k)
- if not exists:
- raise ValueError("SELinux user %s is already defined." % name)
-+ raise ValueError("SELinux user %s is already defined." % name)
-
- (rc,u) = semanage_user_create(self.sh)
- if rc < 0:
-@@ -157,15 +156,11 @@
- if rc < 0:
- raise ValueError("Could not create a key for %s" % name)
-
+-
+- (rc,u) = semanage_user_create(self.sh)
+- if rc < 0:
+- raise ValueError("Could not create login mapping for %s" % name)
+-
+- semanage_user_set_name(self.sh, u, name)
+- for r in roles:
+- semanage_user_add_role(self.sh, u, r)
+- semanage_user_set_mlsrange(self.sh, u, serange)
+- semanage_user_set_mlslevel(self.sh, u, selevel)
+- (rc,key) = semanage_user_key_extract(self.sh,u)
+- if rc < 0:
+- raise ValueError("Could not extract key for %s" % name)
+-
+- semanage_begin_transaction(self.sh)
+- semanage_user_add_local(self.sh, k, u)
+- if semanage_commit(self.sh) < 0:
+- raise ValueError("Failed to add SELinux user")
+-
+- def modify(self, name, roles = [], selevel = "", serange = ""):
+- if len(roles) == 0 and serange == "" and selevel == "":
+- raise ValueError("Requires, roles, level or range")
+-
+- (rc,k) = semanage_user_key_create(self.sh, name)
+- if rc < 0:
+- raise ValueError("Could not create a key for %s" % name)
+-
- (rc,exists) = semanage_user_exists_local(self.sh, k)
-+ (rc,exists) = semanage_user_exists(self.sh, k)
- if exists:
+- if exists:
- (rc,u) = semanage_user_query_local(self.sh, k)
-+ (rc,u) = semanage_user_query(self.sh, k)
- else:
+- else:
- (rc,exists) = semanage_user_exists(self.sh, k)
- if exists:
- (rc,u) = semanage_user_query(self.sh, k)
- else:
- raise ValueError("SELinux user %s mapping is not defined." % name)
-+ raise ValueError("SELinux user %s mapping is not defined locally." % name)
- if rc < 0:
- raise ValueError("Could not query user for %s" % name)
-
-@@ -185,10 +180,14 @@
- (rc,k) = semanage_user_key_create(self.sh, name)
- if rc < 0:
- raise ValueError("Could not crpppeate a key for %s" % name)
+- if rc < 0:
+- raise ValueError("Could not query user for %s" % name)
+-
+- if serange != "":
+- semanage_user_set_mlsrange(self.sh, u, serange)
+- if selevel != "":
+- semanage_user_set_mlslevel(self.sh, u, selevel)
+- if len(roles) < 0:
+- for r in roles:
+- semanage_user_add_role(self.sh, u, r)
+- semanage_begin_transaction(self.sh)
+- semanage_user_modify_local(self.sh, k, u)
+- if semanage_commit(self.sh) < 0:
+- raise ValueError("Failed to modify SELinux user")
+-
+- def delete(self, name):
+- (rc,k) = semanage_user_key_create(self.sh, name)
+- if rc < 0:
+- raise ValueError("Could not crpppeate a key for %s" % name)
-
- (rc,exists) = semanage_user_exists_local(self.sh, k)
-+ (rc,exists) = semanage_user_exists(self.sh, k)
- if not exists:
- raise ValueError("user %s is not defined" % name)
-+ else:
-+ (rc,exists) = semanage_user_exists_local(self.sh, k)
-+ if not exists:
-+ raise ValueError("user %s is not defined locally, can not delete " % name)
-+
- semanage_begin_transaction(self.sh)
- semanage_user_del_local(self.sh, k)
- if semanage_commit(self.sh) < 0:
-@@ -211,12 +210,9 @@
- roles += " " + char_by_idx(rlist, ridx)
- print "%-15s %-10s %-15s %s" % (semanage_user_get_name(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
-
+- if not exists:
+- raise ValueError("user %s is not defined" % name)
+- semanage_begin_transaction(self.sh)
+- semanage_user_del_local(self.sh, k)
+- if semanage_commit(self.sh) < 0:
+- raise ValueError("Login User %s not defined" % name)
+-
+- def list(self, heading=1):
+- if heading:
+- print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/")
+- print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
+- (status, self.ulist, self.usize) = semanage_user_list(self.sh)
+- for idx in range(self.usize):
+- u = semanage_user_by_idx(self.ulist, idx)
+- name = semanage_user_get_name(u)
+- (status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u)
+- roles = ""
+-
+- if rlist_size:
+- roles += char_by_idx(rlist, 0)
+- for ridx in range (1,rlist_size):
+- roles += " " + char_by_idx(rlist, ridx)
+- print "%-15s %-10s %-15s %s" % (semanage_user_get_name(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
+-
-class portRecords:
-+class portRecords(semanageRecords):
- def __init__(self):
+- def __init__(self):
- self.sh = semanage_handle_create()
- self.semanaged = semanage_is_managed(self.sh)
- if self.semanaged:
- semanage_connect(self.sh)
-+ semanageRecords.__init__(self)
-
- def __genkey(self, port, proto):
- if proto == "tcp":
-@@ -236,7 +232,7 @@
- else:
- low=string.atoi(ports[0])
- high=string.atoi(ports[1])
+-
+- def __genkey(self, port, proto):
+- if proto == "tcp":
+- proto_d=SEMANAGE_PROTO_TCP
+- else:
+- if proto == "udp":
+- proto_d=SEMANAGE_PROTO_UDP
+- else:
+- raise ValueError("Protocol udp or tcp is required")
+- if port == "":
+- raise ValueError("Port is required")
-
-+
- (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d)
- if rc < 0:
- raise ValueError("Could not create a key for %s/%s" % (proto, port))
-@@ -255,10 +251,6 @@
- if exists:
- raise ValueError("Port %s/%s already defined" % (proto, port))
-
+- ports=port.split("-")
+- if len(ports) == 1:
+- low=string.atoi(ports[0])
+- high=string.atoi(ports[0])
+- else:
+- low=string.atoi(ports[0])
+- high=string.atoi(ports[1])
+-
+- (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d)
+- if rc < 0:
+- raise ValueError("Could not create a key for %s/%s" % (proto, port))
+- return ( k, proto_d, low, high )
+-
+- def add(self, port, proto, serange, type):
+- if serange == "":
+- serange="s0"
+-
+- if type == "":
+- raise ValueError("Type is required")
+-
+- ( k, proto_d, low, high ) = self.__genkey(port, proto)
+-
+- (rc,exists) = semanage_port_exists(self.sh, k)
+- if exists:
+- raise ValueError("Port %s/%s already defined" % (proto, port))
+-
- (rc,exists) = semanage_port_exists_local(self.sh, k)
- if exists:
- raise ValueError("Port %s/%s already defined locally" % (proto, port))
-
- (rc,p) = semanage_port_create(self.sh)
- if rc < 0:
- raise ValueError("Could not create port for %s/%s" % (proto, port))
-@@ -273,8 +265,8 @@
- semanage_context_set_role(self.sh, con, "object_r")
- semanage_context_set_type(self.sh, con, type)
- semanage_context_set_mls(self.sh, con, serange)
+- (rc,p) = semanage_port_create(self.sh)
+- if rc < 0:
+- raise ValueError("Could not create port for %s/%s" % (proto, port))
+-
+- semanage_port_set_proto(p, proto_d)
+- semanage_port_set_range(p, low, high)
+- (rc, con) = semanage_context_create(self.sh)
+- if rc < 0:
+- raise ValueError("Could not create context for %s/%s" % (proto, port))
+-
+- semanage_context_set_user(self.sh, con, "system_u")
+- semanage_context_set_role(self.sh, con, "object_r")
+- semanage_context_set_type(self.sh, con, type)
+- semanage_context_set_mls(self.sh, con, serange)
- semanage_port_set_con(p, con)
- semanage_begin_transaction(self.sh)
-+ semanage_port_set_con(p, con)
- semanage_port_add_local(self.sh, k, p)
- if semanage_commit(self.sh) < 0:
- raise ValueError("Failed to add port")
-@@ -285,25 +277,23 @@
-
- ( k, proto_d, low, high ) = self.__genkey(port, proto)
-
+- semanage_begin_transaction(self.sh)
+- semanage_port_add_local(self.sh, k, p)
+- if semanage_commit(self.sh) < 0:
+- raise ValueError("Failed to add port")
+-
+- def modify(self, port, proto, serange, setype):
+- if serange == "" and setype == "":
+- raise ValueError("Requires, setype or serange")
+-
+- ( k, proto_d, low, high ) = self.__genkey(port, proto)
+-
- (rc,exists) = semanage_port_exists_local(self.sh, k)
-+ (rc,exists) = semanage_port_exists(self.sh, k)
- if exists:
+- if exists:
- (rc,p) = semanage_port_query_local(self.sh, k)
- (rc,exists) = semanage_port_exists(self.sh, k)
- if exists:
- (rc,p) = semanage_port_query(self.sh, k)
- else:
- raise ValueError("port %s/%s is not defined." % (proto,port))
-+ (rc,p) = semanage_port_query(self.sh, k)
-+ else:
-+ raise ValueError("port %s/%s is not defined." % (proto,port))
++import sys, getopt
++import seobject
- if rc < 0:
- raise ValueError("Could not query port for %s/%s" % (proto, port))
-
- con = semanage_port_get_con(p)
+- if rc < 0:
+- raise ValueError("Could not query port for %s/%s" % (proto, port))
+-
+- con = semanage_port_get_con(p)
- semanage_context_set_mls(self.sh, con, serange)
-+ if rc < 0:
-+ raise ValueError("Could not get port context for %s/%s" % (proto, port))
-+
- if serange != "":
- semanage_context_set_mls(self.sh, con, serange)
- if setype != "":
- semanage_context_set_type(self.sh, con, setype)
+- if serange != "":
+- semanage_context_set_mls(self.sh, con, serange)
+- if setype != "":
+- semanage_context_set_type(self.sh, con, setype)
- semanage_port_set_con(p, con)
- semanage_begin_transaction(self.sh)
- semanage_port_modify_local(self.sh, k, p)
- if semanage_commit(self.sh) < 0:
-@@ -311,9 +301,13 @@
-
- def delete(self, port, proto):
- ( k, proto_d, low, high ) = self.__genkey(port, proto)
+- semanage_begin_transaction(self.sh)
+- semanage_port_modify_local(self.sh, k, p)
+- if semanage_commit(self.sh) < 0:
+- raise ValueError("Failed to add port")
+-
+- def delete(self, port, proto):
+- ( k, proto_d, low, high ) = self.__genkey(port, proto)
- (rc,exists) = semanage_port_exists_local(self.sh, k)
-+ (rc,exists) = semanage_port_exists(self.sh, k)
- if not exists:
+- if not exists:
- raise ValueError("port %s/%s is not defined localy." % (proto,port))
-+ raise ValueError("port %s/%s is not defined." % (proto,port))
-+ else:
-+ (rc,exists) = semanage_port_exists_local(self.sh, k)
-+ if not exists:
-+ raise ValueError("port %s/%s is not defined localy, can not be deleted." % (proto,port))
-
- semanage_begin_transaction(self.sh)
- semanage_port_del_local(self.sh, k)
-@@ -338,27 +332,116 @@
- dict[(name,proto)].append("%d" % low)
- else:
- dict[(name,proto)].append("%d-%d" % (low, high))
+-
+- semanage_begin_transaction(self.sh)
+- semanage_port_del_local(self.sh, k)
+- if semanage_commit(self.sh) < 0:
+- raise ValueError("Port %s/%s not defined" % (proto,port))
+-
+- def list(self, heading=1):
+- (status, self.plist, self.psize) = semanage_port_list(self.sh)
+- if heading:
+- print "%-30s %-8s %s\n" % ("SELinux Port Name", "Proto", "Port Number")
+- dict={}
+- for idx in range(self.psize):
+- u = semanage_port_by_idx(self.plist, idx)
+- con = semanage_port_get_con(u)
+- name = semanage_context_get_type(con)
+- proto=semanage_port_get_proto_str(u)
+- low=semanage_port_get_low(u)
+- high = semanage_port_get_high(u)
+- if (name, proto) not in dict.keys():
+- dict[(name,proto)]=[]
+- if low == high:
+- dict[(name,proto)].append("%d" % low)
+- else:
+- dict[(name,proto)].append("%d-%d" % (low, high))
- (status, self.plist, self.psize) = semanage_port_list_local(self.sh)
- for idx in range(self.psize):
- u = semanage_port_by_idx(self.plist, idx)
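Review bot: The third genhomedircon hunk (the block that substitutes USER, ROLE and system_u with sel_user) now assigns `ret = i+"\n"` instead of accumulating, so only the last matching template line survives in the returned string; this is the opposite of the `ret += i+"\n"` fix the same commit applies to the two preceding hunks of that file. Unless only a single line is expected there, it should read `ret += i+"\n"` like the others. Separately, the Makefile installs seobject.py into site-packages with `install -m 755`; a pure-Python library module needs no execute bit, and `-m 644` matches how semanage.8 is installed, while `PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)` relies on a LIBDIR that is not defined in the visible part of the Makefile. The enclosing genhomedircon functions start outside the hunk.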
@@ -211,15 +391,483 @@
- else:
- dict[(name,proto)].append("%d-%d" % (low, high))
- for i in dict.keys():
+- rec = "%-30s %-8s " % i
+- rec += "%s" % dict[i][0]
+- for p in dict[i][1:]:
+- rec += ", %s" % p
+- print rec
+-
+ if __name__ == '__main__':
+
+ def usage(message = ""):
+@@ -366,8 +30,11 @@
+ semanage user [-admsRrh] SELINUX_USER\n\
+ semanage login [-admsrh] LOGIN_NAME\n\
+ semanage port [-admth] PORT | PORTRANGE\n\
++semanage interface [-admth] INTERFACE\n\
++semanage fcontext [-admhfst] INTERFACE\n\
+ -a, --add Add a OBJECT record NAME\n\
+ -d, --delete Delete a OBJECT record NAME\n\
++ -f, --ftype File Type of OBJECT \n\
+ -h, --help display this message\n\
+ -l, --list List the OBJECTS\n\
+ -n, --noheading Do not print heading when listing OBJECTS\n\
+@@ -391,7 +58,7 @@
+ #
+ #
+ try:
+- objectlist = ("login", "user", "port")
++ objectlist = ("login", "user", "port", "interface", "fcontext")
+ input = sys.stdin
+ output = sys.stdout
+ serange = ""
+@@ -399,6 +66,7 @@
+ proto = ""
+ selevel = ""
+ setype = ""
++ ftype = ""
+ roles = ""
+ seuser = ""
+ heading=1
+@@ -416,9 +84,10 @@
+
+ args = sys.argv[2:]
+ gopts, cmds = getopt.getopt(args,
+- 'adlhmnp:P:s:R:r:t:v',
++ 'adf:lhmnp:P:s:R:r:t:v',
+ ['add',
+ 'delete',
++ 'ftype=',
+ 'help',
+ 'list',
+ 'modify',
+@@ -441,6 +110,8 @@
+ if modify or add:
+ usage()
+ delete = 1
++ if o == "-f" or o == "--ftype":
++ ftype=a
+ if o == "-h" or o == "--help":
+ usage()
+
+@@ -474,13 +145,19 @@
+ verbose = 1
+
+ if object == "login":
+- OBJECT = loginRecords()
++ OBJECT = seobject.loginRecords()
+
+ if object == "user":
+- OBJECT = seluserRecords()
++ OBJECT = seobject.seluserRecords()
+
+ if object == "port":
+- OBJECT = portRecords()
++ OBJECT = seobject.portRecords()
++
++ if object == "interface":
++ OBJECT = seobject.interfaceRecords()
++
++ if object == "fcontext":
++ OBJECT = seobject.fcontextRecords()
+
+ if list:
+ OBJECT.list(heading)
+@@ -504,6 +181,11 @@
+ if object == "port":
+ OBJECT.add(target, proto, serange, setype)
+
++ if object == "interface":
++ OBJECT.add(target, serange, setype)
++
++ if object == "fcontext":
++ OBJECT.add(target, setype, ftype, serange, seuser)
+ sys.exit(0);
+
+ if modify:
+@@ -516,7 +198,13 @@
+
+ if object == "port":
+ OBJECT.modify(target, proto, serange, setype)
+- sys.exit(0);
++
++ if object == "interface":
++ OBJECT.modify(target, serange, setype)
++
++ if object == "fcontext":
++ OBJECT.modify(target, setype, ftype, serange, seuser)
++
+ sys.exit(0);
+
+ if delete:
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.5/semanage/seobject.py
+--- nsapolicycoreutils/semanage/seobject.py 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-1.29.5/semanage/seobject.py 2006-01-06 14:30:39.000000000 -0500
+@@ -0,0 +1,722 @@
++#! /usr/bin/env python
++# Copyright (C) 2005 Red Hat
++# see file 'COPYING' for use and warranty information
++#
++# semanage is a tool for managing SELinux configuration files
++#
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License as
++# published by the Free Software Foundation; either version 2 of
++# the License, or (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# 02111-1307 USA
++#
++#
++
++import pwd, string
++from semanage import *;
++class semanageRecords:
++ def __init__(self):
++ self.sh = semanage_handle_create()
++ self.semanaged = semanage_is_managed(self.sh)
++ if self.semanaged:
++ semanage_connect(self.sh)
++
++class loginRecords(semanageRecords):
++ def __init__(self):
++ semanageRecords.__init__(self)
++
++ def add(self, name, sename, serange):
++ if serange == "":
++ serange = "s0"
++ if sename == "":
++ sename = "user_u"
++
++ (rc,k) = semanage_seuser_key_create(self.sh, name)
++ if rc < 0:
++ raise ValueError("Could not create a key for %s" % name)
++
++ (rc,exists) = semanage_seuser_exists(self.sh, k)
++ if exists:
++ raise ValueError("SELinux User %s mapping already defined" % name)
++ try:
++ pwd.getpwnam(name)
++ except:
++ raise ValueError("Linux User %s does not exist" % name)
++
++ (rc,u) = semanage_seuser_create(self.sh)
++ if rc < 0:
++ raise ValueError("Could not create seuser for %s" % name)
++
++ semanage_seuser_set_name(self.sh, u, name)
++ semanage_seuser_set_mlsrange(self.sh, u, serange)
++ semanage_seuser_set_sename(self.sh, u, sename)
++ semanage_begin_transaction(self.sh)
++ semanage_seuser_add(self.sh, k, u)
++ if semanage_commit(self.sh) < 0:
++ raise ValueError("Failed to add SELinux user mapping")
++
++ def modify(self, name, sename = "", serange = ""):
++ (rc,k) = semanage_seuser_key_create(self.sh, name)
++ if rc < 0:
++ raise ValueError("Could not create a key for %s" % name)
++
++ if sename == "" and serange == "":
++ raise ValueError("Requires, seuser or serange")
++
++ (rc,exists) = semanage_seuser_exists(self.sh, k)
++ if exists:
++ (rc,u) = semanage_seuser_query(self.sh, k)
++ if rc < 0:
++ raise ValueError("Could not query seuser for %s" % name)
++ else:
++ raise ValueError("SELinux user %s mapping is not defined." % name)
++
++ if serange != "":
++ semanage_seuser_set_mlsrange(self.sh, u, serange)
++ if sename != "":
++ semanage_seuser_set_sename(self.sh, u, sename)
++ semanage_begin_transaction(self.sh)
++ semanage_seuser_modify_local(self.sh, k, u)
++ if semanage_commit(self.sh) < 0:
++ raise ValueError("Failed to modify SELinux user mapping")
++ def delete(self, name):
++ (rc,k) = semanage_seuser_key_create(self.sh, name)
++ if rc < 0:
++ raise ValueError("Could not create a key for %s" % name)
++
++ (rc,exists) = semanage_seuser_exists(self.sh, k)
++ if not exists:
++ raise ValueError("SELinux user %s mapping is not defined." % name)
++ semanage_begin_transaction(self.sh)
++ semanage_seuser_del(self.sh, k)
++ if semanage_commit(self.sh) < 0:
++ raise ValueError("SELinux User %s mapping not defined" % name)
++
++ def get_all(self):
++ dict={}
++ (status, self.ulist, self.usize) = semanage_seuser_list(self.sh)
++ for idx in range(self.usize):
++ u = semanage_seuser_by_idx(self.ulist, idx)
++ name = semanage_seuser_get_name(u)
++ dict[name]=(semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
++ return dict
++
++ def list(self,heading=1):
++ if heading:
++ print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")
++ dict=self.get_all()
++ keys=dict.keys()
++ keys.sort()
++ for k in keys:
++ print "%-25s %-25s %-25s" % (k, dict[k][0], dict[k][1])
++
++class seluserRecords(semanageRecords):
++ def __init__(self):
++ semanageRecords.__init__(self)
++
++ def add(self, name, roles, selevel, serange):
++ if serange == "":
++ serange = "s0"
++ if selevel == "":
++ selevel = "s0"
++
++ (rc,k) = semanage_user_key_create(self.sh, name)
++ if rc < 0:
++ raise ValueError("Could not create a key for %s" % name)
++
++ (rc,exists) = semanage_user_exists(self.sh, k)
++ if not exists:
++ raise ValueError("SELinux user %s is already defined." % name)
++
++ (rc,u) = semanage_user_create(self.sh)
++ if rc < 0:
++ raise ValueError("Could not create login mapping for %s" % name)
++
++ semanage_user_set_name(self.sh, u, name)
++ for r in roles:
++ semanage_user_add_role(self.sh, u, r)
++ semanage_user_set_mlsrange(self.sh, u, serange)
++ semanage_user_set_mlslevel(self.sh, u, selevel)
++ (rc,key) = semanage_user_key_extract(self.sh,u)
++ if rc < 0:
++ raise ValueError("Could not extract key for %s" % name)
++
++ semanage_begin_transaction(self.sh)
++ semanage_user_add_local(self.sh, k, u)
++ if semanage_commit(self.sh) < 0:
++ raise ValueError("Failed to add SELinux user")
++
++ def modify(self, name, roles = [], selevel = "", serange = ""):
++ if len(roles) == 0 and serange == "" and selevel == "":
++ raise ValueError("Requires, roles, level or range")
++
++ (rc,k) = semanage_user_key_create(self.sh, name)
++ if rc < 0:
++ raise ValueError("Could not create a key for %s" % name)
++
++ (rc,exists) = semanage_user_exists(self.sh, k)
++ if exists:
++ (rc,u) = semanage_user_query(self.sh, k)
++ else:
++ raise ValueError("SELinux user %s mapping is not defined locally." % name)
++ if rc < 0:
++ raise ValueError("Could not query user for %s" % name)
++
++ if serange != "":
++ semanage_user_set_mlsrange(self.sh, u, serange)
++ if selevel != "":
++ semanage_user_set_mlslevel(self.sh, u, selevel)
++ if len(roles) != 0:
++ for r in roles:
++ semanage_user_add_role(self.sh, u, r)
++ semanage_begin_transaction(self.sh)
++ semanage_user_modify_local(self.sh, k, u)
++ if semanage_commit(self.sh) < 0:
++ raise ValueError("Failed to modify SELinux user")
++
++ def delete(self, name):
++ (rc,k) = semanage_user_key_create(self.sh, name)
++ if rc < 0:
++ raise ValueError("Could not crpppeate a key for %s" % name)
++ (rc,exists) = semanage_user_exists(self.sh, k)
++ if not exists:
++ raise ValueError("user %s is not defined" % name)
++ else:
++ (rc,exists) = semanage_user_exists_local(self.sh, k)
++ if not exists:
++ raise ValueError("user %s is not defined locally, can not delete " % name)
++
++ semanage_begin_transaction(self.sh)
++ semanage_user_del_local(self.sh, k)
++ if semanage_commit(self.sh) < 0:
++ raise ValueError("Login User %s not defined" % name)
++
++ def get_all(self):
++ dict={}
++ (status, self.ulist, self.usize) = semanage_user_list(self.sh)
++ for idx in range(self.usize):
++ u = semanage_user_by_idx(self.ulist, idx)
++ name = semanage_user_get_name(u)
++ (status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u)
++ roles = ""
++
++ if rlist_size:
++ roles += char_by_idx(rlist, 0)
++ for ridx in range (1,rlist_size):
++ roles += " " + char_by_idx(rlist, ridx)
++ dict[semanage_user_get_name(u)] = (semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
++
++ return dict
++
++ def list(self, heading=1):
++ if heading:
++ print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/")
++ print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
++ dict=self.get_all()
++ keys=dict.keys()
++ keys.sort()
++ for k in keys:
++ print "%-15s %-10s %-15s %s" % (k, dict[k][0], dict[k][1], dict[k][2])
++
++class portRecords(semanageRecords):
++ def __init__(self):
++ semanageRecords.__init__(self)
++
++ def __genkey(self, port, proto):
++ if proto == "tcp":
++ proto_d=SEMANAGE_PROTO_TCP
++ else:
++ if proto == "udp":
++ proto_d=SEMANAGE_PROTO_UDP
++ else:
++ raise ValueError("Protocol udp or tcp is required")
++ if port == "":
++ raise ValueError("Port is required")
++
++ ports=port.split("-")
++ if len(ports) == 1:
++ low=string.atoi(ports[0])
++ high=string.atoi(ports[0])
++ else:
++ low=string.atoi(ports[0])
++ high=string.atoi(ports[1])
++
++ (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d)
++ if rc < 0:
++ raise ValueError("Could not create a key for %s/%s" % (proto, port))
++ return ( k, proto_d, low, high )
++
++ def add(self, port, proto, serange, type):
++ if serange == "":
++ serange="s0"
++
++ if type == "":
++ raise ValueError("Type is required")
++
++ ( k, proto_d, low, high ) = self.__genkey(port, proto)
++
++ (rc,exists) = semanage_port_exists(self.sh, k)
++ if exists:
++ raise ValueError("Port %s/%s already defined" % (proto, port))
++
++ (rc,p) = semanage_port_create(self.sh)
++ if rc < 0:
++ raise ValueError("Could not create port for %s/%s" % (proto, port))
++
++ semanage_port_set_proto(p, proto_d)
++ semanage_port_set_range(p, low, high)
++ (rc, con) = semanage_context_create(self.sh)
++ if rc < 0:
++ raise ValueError("Could not create context for %s/%s" % (proto, port))
++
++ semanage_context_set_user(self.sh, con, "system_u")
++ semanage_context_set_role(self.sh, con, "object_r")
++ semanage_context_set_type(self.sh, con, type)
++ semanage_context_set_mls(self.sh, con, serange)
++ semanage_begin_transaction(self.sh)
++ semanage_port_set_con(p, con)
++ semanage_port_add_local(self.sh, k, p)
++ if semanage_commit(self.sh) < 0:
++ raise ValueError("Failed to add port")
++
++ def modify(self, port, proto, serange, setype):
++ if serange == "" and setype == "":
++ raise ValueError("Requires, setype or serange")
++
++ ( k, proto_d, low, high ) = self.__genkey(port, proto)
++
++ (rc,exists) = semanage_port_exists(self.sh, k)
++ if exists:
++ (rc,p) = semanage_port_query(self.sh, k)
++ else:
++ raise ValueError("port %s/%s is not defined." % (proto,port))
++
++ if rc < 0:
++ raise ValueError("Could not query port for %s/%s" % (proto, port))
++
++ con = semanage_port_get_con(p)
++ if rc < 0:
++ raise ValueError("Could not get port context for %s/%s" % (proto, port))
++
++ if serange != "":
++ semanage_context_set_mls(self.sh, con, serange)
++ if setype != "":
++ semanage_context_set_type(self.sh, con, setype)
++ semanage_begin_transaction(self.sh)
++ semanage_port_modify_local(self.sh, k, p)
++ if semanage_commit(self.sh) < 0:
++ raise ValueError("Failed to add port")
++
++ def delete(self, port, proto):
++ ( k, proto_d, low, high ) = self.__genkey(port, proto)
++ (rc,exists) = semanage_port_exists(self.sh, k)
++ if not exists:
++ raise ValueError("port %s/%s is not defined." % (proto,port))
++ else:
++ (rc,exists) = semanage_port_exists_local(self.sh, k)
++ if not exists:
++ raise ValueError("port %s/%s is not defined localy, can not be deleted." % (proto,port))
++
++ semanage_begin_transaction(self.sh)
++ semanage_port_del_local(self.sh, k)
++ if semanage_commit(self.sh) < 0:
++ raise ValueError("Port %s/%s not defined" % (proto,port))
++
++ def get_all(self):
++ dict={}
++ (status, self.plist, self.psize) = semanage_port_list(self.sh)
++ for idx in range(self.psize):
++ u = semanage_port_by_idx(self.plist, idx)
++ con = semanage_port_get_con(u)
++ name = semanage_context_get_type(con)
++ proto=semanage_port_get_proto_str(u)
++ low=semanage_port_get_low(u)
++ high = semanage_port_get_high(u)
++ if (name, proto) not in dict.keys():
++ dict[(name,proto)]=[]
++ if low == high:
++ dict[(name,proto)].append("%d" % low)
++ else:
++ dict[(name,proto)].append("%d-%d" % (low, high))
++ return dict
++
++ def list(self, heading=1):
++ if heading:
++ print "%-30s %-8s %s\n" % ("SELinux Port Name", "Proto", "Port Number")
++ dict=self.get_all()
+ keys=dict.keys()
+ keys.sort()
+ for i in keys:
- rec = "%-30s %-8s " % i
- rec += "%s" % dict[i][0]
- for p in dict[i][1:]:
- rec += ", %s" % p
- print rec
-
++ rec = "%-30s %-8s " % i
++ rec += "%s" % dict[i][0]
++ for p in dict[i][1:]:
++ rec += ", %s" % p
++ print rec
++
+class interfaceRecords(semanageRecords):
+ def __init__(self):
+ semanageRecords.__init__(self)
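Review bot: `seluserRecords.add` in the new seobject.py raises "SELinux user %s is already defined." when `semanage_user_exists` reports the user does not exist, so adding a genuinely new user fails and adding an existing one proceeds to `semanage_user_add_local`; the check should be `if exists:` as it is in `loginRecords.add`. `loginRecords.add` wraps `pwd.getpwnam(name)` in a bare `except:`, which turns any error (including KeyboardInterrupt) into "Linux User %s does not exist"; `except KeyError:` is the intended case. In `portRecords.modify`, the `if rc < 0` after `con = semanage_port_get_con(p)` re-tests the stale rc from the preceding query, so a failed context fetch is never detected, and the commit-failure message in that method still says "Failed to add port". `seluserRecords.modify` declares a mutable default `roles = []`; it is only read, so this is harmless today, but `roles = None` with a guard is the safer convention.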
@@ -229,7 +877,7 @@
+ serange="s0"
+
+ if type == "":
-+ raise ValueError("Type is required")
++ raise ValueError("SELinux Type is required")
+
+ (rc,k) = semanage_iface_key_create(self.sh, interface)
+ if rc < 0:
@@ -305,71 +953,276 @@
+ if semanage_commit(self.sh) < 0:
+ raise ValueError("Interface %s not defined" % interface)
+
-+ def list(self, heading=1):
++ def get_all(self):
++ dict={}
+ (status, self.plist, self.psize) = semanage_iface_list(self.sh)
+ if status < 0:
+ raise ValueError("Unable to list interfaces")
++ for idx in range(self.psize):
++ interface = semanage_iface_by_idx(self.plist, idx)
++ con = semanage_iface_get_ifcon(interface)
++ dict[semanage_iface_get_name(interface)]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
++
++ return dict
+
++ def list(self, heading=1):
+ if heading:
+ print "%-30s %s\n" % ("SELinux Interface", "Context")
++ dict=self.get_all()
++ keys=dict.keys()
++ keys.sort()
++ for k in keys:
++ print "%-30s %s:%s:%s:%s " % (k,dict[k][0], dict[k][1],dict[k][2], dict[k][3])
++
++class fcontextRecords(semanageRecords):
++ def __init__(self):
++ semanageRecords.__init__(self)
++ self.file_types={}
++ self.file_types[""] = SEMANAGE_FCONTEXT_ALL;
++ self.file_types["all files"] = SEMANAGE_FCONTEXT_ALL;
++ self.file_types["--"] = SEMANAGE_FCONTEXT_REG;
++ self.file_types["regular file"] = SEMANAGE_FCONTEXT_REG;
++ self.file_types["-d"] = SEMANAGE_FCONTEXT_DIR;
++ self.file_types["directory"] = SEMANAGE_FCONTEXT_DIR;
++ self.file_types["-c"] = SEMANAGE_FCONTEXT_CHAR;
++ self.file_types["character device"] = SEMANAGE_FCONTEXT_CHAR;
++ self.file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK;
++ self.file_types["block device"] = SEMANAGE_FCONTEXT_BLOCK;
++ self.file_types["-s"] = SEMANAGE_FCONTEXT_SOCK;
++ self.file_types["socket"] = SEMANAGE_FCONTEXT_SOCK;
++ self.file_types["symbolic link"] = SEMANAGE_FCONTEXT_LINK;
++ self.file_types["-p"] = SEMANAGE_FCONTEXT_PIPE;
++ self.file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE;
++
++
++ def add(self, target, type, ftype="", serange="s0", seuser="system_u"):
++ if seuser == "":
++ seuser="system_u"
++
++ if serange == "":
++ serange="s0"
++
++ if type == "":
++ raise ValueError("SELinux Type is required")
++
++ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
++ if rc < 0:
++ raise ValueError("Can't create key for %s" % target)
++ (rc,exists) = semanage_fcontext_exists(self.sh, k)
++ print (rc, exists, target)
++ if exists:
++ raise ValueError("fcontext %s already defined" % target)
++ (rc,fcontext) = semanage_fcontext_create(self.sh)
++ if rc < 0:
++ raise ValueError("Could not create fcontext for %s" % target)
++
++ rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
++ (rc, con) = semanage_context_create(self.sh)
++ if rc < 0:
++ raise ValueError("Could not create context for %s" % target)
++
++ semanage_context_set_user(self.sh, con, seuser)
++ semanage_context_set_role(self.sh, con, "object_r")
++ semanage_context_set_type(self.sh, con, type)
++ semanage_context_set_mls(self.sh, con, serange)
++ semanage_fcontext_set_type(fcontext, self.file_types[ftype])
++ semanage_begin_transaction(self.sh)
++ semanage_fcontext_set_con(fcontext, con)
++ semanage_fcontext_add_local(self.sh, k, fcontext)
++ if semanage_commit(self.sh) < 0:
++ raise ValueError("Failed to add fcontext")
++
++ def modify(self, target, setype, ftype, serange, seuser):
++ if serange == "" and setype == "" and seuser == "":
++ raise ValueError("Requires, setype, serange or seuser")
++
++ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
++ if rc < 0:
++ raise ValueError("Can't creater key for %s" % target)
++ (rc,exists) = semanage_fcontext_exists(self.sh, k)
++ if exists:
++ (rc,p) = semanage_fcontext_query(self.sh, k)
++ else:
++ raise ValueError("fcontext %s is not defined." % target)
++ if rc < 0:
++ raise ValueError("Could not query fcontext for %s" % target)
++ con = semanage_fcontext_get_con(p)
++ if rc < 0:
++ raise ValueError("Could not get fcontext context for %s" % target)
++
++ if serange != "":
++ semanage_context_set_mls(self.sh, con, serange)
++ if seuser != "":
++ semanage_context_set_user(self.sh, con, seuser)
++ if setype != "":
++ semanage_context_set_type(self.sh, con, setype)
++
++ semanage_begin_transaction(self.sh)
++ semanage_fcontext_modify_local(self.sh, k, p)
++ if semanage_commit(self.sh) < 0:
++ raise ValueError("Failed to add fcontext")
++
++ def delete(self, target):
++ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
++ if rc < 0:
++ raise ValueError("Can't create key for %s" % target)
++ (rc,exists) = semanage_fcontext_exists(self.sh, k)
++ if not exists:
++ raise ValueError("fcontext %s is not defined." % target)
++ else:
++ (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
++ if not exists:
++ raise ValueError("fcontext %s is not defined localy, can not be deleted." % target)
++
++ semanage_begin_transaction(self.sh)
++ semanage_fcontext_del_local(self.sh, k)
++ if semanage_commit(self.sh) < 0:
++ raise ValueError("fcontext %s not defined" % target)
++
++ def get_all(self):
+ dict={}
++ (status, self.plist, self.psize) = semanage_fcontext_list(self.sh)
++ if status < 0:
++ raise ValueError("Unable to list fcontexts")
++
+ for idx in range(self.psize):
-+ iface = semanage_iface_by_idx(self.plist, idx)
-+ name = semanage_iface_get_name(iface)
-+ con = semanage_iface_get_ifcon(iface)
++ fcontext = semanage_fcontext_by_idx(self.plist, idx)
++ expr=semanage_fcontext_get_expr(fcontext)
++ ftype=semanage_fcontext_get_type_str(fcontext)
++ con = semanage_fcontext_get_con(fcontext)
++ if con:
++ dict[expr, ftype]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
++ else:
++ dict[expr, ftype]=con
+
++ return dict
++
++ def list(self, heading=1):
++ if heading:
++ print "%-50s %-18s %s\n" % ("SELinux fcontext", "type", "Context")
++ dict=self.get_all()
++ keys=dict.keys()
++ for k in keys:
++ if dict[k]:
++ print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3])
++ else:
++ print "%-50s %-18s <<None>>" % (k[0], k[1])
++
++class booleanRecords(semanageRecords):
++ def __init__(self):
++ semanageRecords.__init__(self)
++
++ def add(self, target, type, ftype="", serange="s0", seuser="system_u"):
++ if seuser == "":
++ seuser="system_u"
++
++ if serange == "":
++ serange="s0"
++
++ if type == "":
++ raise ValueError("SELinux Type is required")
++
++ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
++ if rc < 0:
++ raise ValueError("Can't create key for %s" % target)
++ (rc,exists) = semanage_fcontext_exists(self.sh, k)
++ print (rc, exists, target)
++ if exists:
++ raise ValueError("fcontext %s already defined" % target)
++ (rc,fcontext) = semanage_fcontext_create(self.sh)
++ if rc < 0:
++ raise ValueError("Could not create fcontext for %s" % target)
++
++ rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
++ (rc, con) = semanage_context_create(self.sh)
++ if rc < 0:
++ raise ValueError("Could not create context for %s" % target)
++
++ semanage_context_set_user(self.sh, con, seuser)
++ semanage_context_set_role(self.sh, con, "object_r")
++ semanage_context_set_type(self.sh, con, type)
++ semanage_context_set_mls(self.sh, con, serange)
++ semanage_fcontext_set_type(fcontext, self.file_types[ftype])
++ semanage_begin_transaction(self.sh)
++ semanage_fcontext_set_con(fcontext, con)
++ semanage_fcontext_add_local(self.sh, k, fcontext)
++ if semanage_commit(self.sh) < 0:
++ raise ValueError("Failed to add fcontext")
++
++ def modify(self, target, setype, ftype, serange, seuser):
++ if serange == "" and setype == "" and seuser == "":
++ raise ValueError("Requires, setype, serange or seuser")
+
-+ print "%-30s %s:%s:%s:%s " % (name,semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
++ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
++ if rc < 0:
++ raise ValueError("Can't creater key for %s" % target)
++ (rc,exists) = semanage_fcontext_exists(self.sh, k)
++ if exists:
++ (rc,p) = semanage_fcontext_query(self.sh, k)
++ else:
++ raise ValueError("fcontext %s is not defined." % target)
++ if rc < 0:
++ raise ValueError("Could not query fcontext for %s" % target)
++ con = semanage_fcontext_get_con(p)
++ if rc < 0:
++ raise ValueError("Could not get fcontext context for %s" % target)
+
- if __name__ == '__main__':
-
- def usage(message = ""):
-@@ -366,6 +449,7 @@
- semanage user [-admsRrh] SELINUX_USER\n\
- semanage login [-admsrh] LOGIN_NAME\n\
- semanage port [-admth] PORT | PORTRANGE\n\
-+semanage interface [-admth] INTERFACE\n\
- -a, --add Add a OBJECT record NAME\n\
- -d, --delete Delete a OBJECT record NAME\n\
- -h, --help display this message\n\
-@@ -391,7 +475,7 @@
- #
- #
- try:
-- objectlist = ("login", "user", "port")
-+ objectlist = ("login", "user", "port", "interface")
- input = sys.stdin
- output = sys.stdout
- serange = ""
-@@ -482,6 +566,9 @@
- if object == "port":
- OBJECT = portRecords()
-
-+ if object == "interface":
-+ OBJECT = interfaceRecords()
++ if serange != "":
++ semanage_context_set_mls(self.sh, con, serange)
++ if seuser != "":
++ semanage_context_set_user(self.sh, con, seuser)
++ if setype != "":
++ semanage_context_set_type(self.sh, con, setype)
++
++ semanage_begin_transaction(self.sh)
++ semanage_fcontext_modify_local(self.sh, k, p)
++ if semanage_commit(self.sh) < 0:
++ raise ValueError("Failed to add fcontext")
+
- if list:
- OBJECT.list(heading)
- sys.exit(0);
-@@ -504,6 +591,9 @@
- if object == "port":
- OBJECT.add(target, proto, serange, setype)
-
-+ if object == "interface":
-+ OBJECT.add(target, serange, setype)
++ def delete(self, target):
++ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
++ if rc < 0:
++ raise ValueError("Can't create key for %s" % target)
++ (rc,exists) = semanage_fcontext_exists(self.sh, k)
++ if not exists:
++ raise ValueError("fcontext %s is not defined." % target)
++ else:
++ (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
++ if not exists:
++ raise ValueError("fcontext %s is not defined localy, can not be deleted." % target)
+
- sys.exit(0);
-
- if modify:
-@@ -516,7 +606,10 @@
-
- if object == "port":
- OBJECT.modify(target, proto, serange, setype)
-- sys.exit(0);
++ semanage_begin_transaction(self.sh)
++ semanage_fcontext_del_local(self.sh, k)
++ if semanage_commit(self.sh) < 0:
++ raise ValueError("fcontext %s not defined" % target)
++
++ def get_all(self):
++ dict={}
++ (status, self.plist, self.psize) = semanage_fcontext_list(self.sh)
++ if status < 0:
++ raise ValueError("Unable to list fcontexts")
+
-+ if object == "interface":
-+ OBJECT.modify(target, serange, setype)
++ for idx in range(self.psize):
++ fcontext = semanage_fcontext_by_idx(self.plist, idx)
++ expr=semanage_fcontext_get_expr(fcontext)
++ ftype=semanage_fcontext_get_type_str(fcontext)
++ con = semanage_fcontext_get_con(fcontext)
++ if con:
++ dict[expr, ftype]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
++ else:
++ dict[expr, ftype]=con
+
- sys.exit(0);
-
- if delete:
++ return dict
++
++ def list(self, heading=1):
++ if heading:
++ print "%-50s %-18s %s\n" % ("SELinux fcontext", "type", "Context")
++ dict=self.get_all()
++ keys=dict.keys()
++ for k in keys:
++ if dict[k]:
++ print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3])
++ else:
++ print "%-50s %-18s <<None>>" % (k[0], k[1])
++
++
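Review bot: `fcontextRecords.delete(self, target)` reads `ftype` on its first line (`semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])`) but `ftype` is neither a parameter nor a local, so every delete call raises NameError before reaching libsemanage; giving it the same default the other methods use, `def delete(self, target, ftype=""):`, keeps the key construction consistent with `add` and `modify`. The same line appears again in the `booleanRecords.delete` copy later in the hunk, and that whole class looks like a verbatim paste of fcontextRecords' methods: its `__init__` never sets `self.file_types`, so `add`/`modify`/`delete` would fail with AttributeError, and they operate on fcontext records rather than booleans — presumably a placeholder, but it is shipped as-is. The debug `print (rc, exists, target)` in both `add` methods writes to stdout on every add and should be dropped, and `modify` ends with the message "Failed to add fcontext" on a modify commit failure. Less critically, `fcontextRecords.list` does not sort `keys` as the port and interface `list` methods do, so output order depends on dict iteration.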
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/dist/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.211
retrieving revision 1.212
diff -u -r1.211 -r1.212
--- policycoreutils.spec 5 Jan 2006 21:52:31 -0000 1.211
+++ policycoreutils.spec 10 Jan 2006 17:12:58 -0000 1.212
@@ -4,7 +4,7 @@
Summary: SELinux policy core utilities.
Name: policycoreutils
Version: 1.29.5
-Release: 1
+Release: 2
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -47,7 +47,7 @@
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man1
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/pam.d
-make DESTDIR="${RPM_BUILD_ROOT}" install
+make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" install
%find_lang %{name}
@@ -94,8 +94,13 @@
%config %{_sysconfdir}/pam.d/newrole
%config %{_sysconfdir}/pam.d/run_init
%config(noreplace) %{_sysconfdir}/sestatus.conf
+%{_libdir}/python2.4/site-packages/seobject.py*
%changelog
+* Tue Jan 10 2006 Dan Walsh <dwalsh at redhat.com> 1.29.5-2
+- Update semanage and split out seobject
+- Fix labeleing of home_root
+
* Thu Jan 5 2006 Dan Walsh <dwalsh at redhat.com> 1.29.5-1
- Update to match NSA
* Added filename to semodule error reporting.
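Review bot: The new `%files` entry `%{_libdir}/python2.4/site-packages/seobject.py*` hard-codes the interpreter version, so the package breaks silently at the next Python update and on any build where `%{__python}` is not 2.4; the install path passed via `LIBDIR="${RPM_BUILD_ROOT}%{_libdir}"` in the earlier hunk has the same coupling. Deriving the directory from the interpreter at build time, e.g. `%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}` near the top and `%{python_sitelib}/seobject.py*` in `%files`, keeps the two in step. This presumes the semanage Makefile honours `LIBDIR` as the parent of the `python2.4/site-packages` path, which is not visible here.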