*** empty log message ***
This commit is contained in:
parent
51ac56c9cb
commit
239bbcc0d5
@ -1,55 +1,485 @@
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.15/scripts/genhomedircon
|
||||
--- nsapolicycoreutils/scripts/genhomedircon 2006-01-27 20:35:37.000000000 -0500
|
||||
+++ policycoreutils-1.29.15/scripts/genhomedircon 2006-01-30 11:49:16.000000000 -0500
|
||||
@@ -38,6 +38,17 @@
|
||||
except:
|
||||
VALID_SHELLS = ['/bin/sh', '/bin/bash', '/bin/ash', '/bin/bsh', '/bin/ksh', '/usr/bin/ksh', '/usr/bin/pdksh', '/bin/tcsh', '/bin/csh', '/bin/zsh']
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.18/semanage/seobject.py
|
||||
--- nsapolicycoreutils/semanage/seobject.py 2006-02-02 12:08:04.000000000 -0500
|
||||
+++ policycoreutils-1.29.18/semanage/seobject.py 2006-02-03 09:57:03.000000000 -0500
|
||||
@@ -21,8 +21,11 @@
|
||||
#
|
||||
#
|
||||
|
||||
+def grep(file, var):
|
||||
+ ret=""
|
||||
+ fd=open(file, 'r')
|
||||
-import pwd, string, selinux, tempfile, os, re
|
||||
+import pwd, string, selinux, tempfile, os, re, sys
|
||||
from semanage import *;
|
||||
+import audit
|
||||
+
|
||||
+ for i in fd.read().split('\n'):
|
||||
+ if re.search(var, i, 0) != None:
|
||||
+ ret=i
|
||||
+ break
|
||||
+ fd.close()
|
||||
+ return ret
|
||||
+
|
||||
def findval(file, var, delim=""):
|
||||
val=""
|
||||
+audit_fd=audit.audit_open()
|
||||
|
||||
def validate_level(raw):
|
||||
sensitivity="s([0-9]|1[0-5])"
|
||||
@@ -170,119 +173,143 @@
|
||||
if sename == "":
|
||||
sename = "user_u"
|
||||
|
||||
- (rc,k) = semanage_seuser_key_create(self.sh, name)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not create a key for %s" % name)
|
||||
-
|
||||
- (rc,exists) = semanage_seuser_exists(self.sh, k)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not check if login mapping for %s is defined" % name)
|
||||
- if exists:
|
||||
- raise ValueError("Login mapping for %s is already defined" % name)
|
||||
try:
|
||||
@@ -87,6 +98,12 @@
|
||||
- pwd.getpwnam(name)
|
||||
- except:
|
||||
- raise ValueError("Linux User %s does not exist" % name)
|
||||
-
|
||||
- (rc,u) = semanage_seuser_create(self.sh)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not create login mapping for %s" % name)
|
||||
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not create a key for %s" % name)
|
||||
|
||||
if ret == []:
|
||||
ret.append("/home")
|
||||
- rc = semanage_seuser_set_name(self.sh, u, name)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not set name for %s" % name)
|
||||
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not check if login mapping for %s is defined" % name)
|
||||
+ if exists:
|
||||
+ raise ValueError("Login mapping for %s is already defined" % name)
|
||||
+ try:
|
||||
+ pwd.getpwnam(name)
|
||||
+ except:
|
||||
+ raise ValueError("Linux User %s does not exist" % name)
|
||||
|
||||
- rc = semanage_seuser_set_mlsrange(self.sh, u, serange)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not set MLS range for %s" % name)
|
||||
+ (rc,u) = semanage_seuser_create(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not create login mapping for %s" % name)
|
||||
|
||||
- rc = semanage_seuser_set_sename(self.sh, u, sename)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not set SELinux user for %s" % name)
|
||||
+ rc = semanage_seuser_set_name(self.sh, u, name)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not set name for %s" % name)
|
||||
|
||||
- rc = semanage_begin_transaction(self.sh)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not start semanage transaction")
|
||||
+ rc = semanage_seuser_set_mlsrange(self.sh, u, serange)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not set MLS range for %s" % name)
|
||||
|
||||
- rc = semanage_seuser_modify_local(self.sh, k, u)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not add login mapping for %s" % name)
|
||||
+ rc = semanage_seuser_set_sename(self.sh, u, sename)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not set SELinux user for %s" % name)
|
||||
|
||||
- rc = semanage_commit(self.sh)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not add login mapping for %s" % name)
|
||||
+ rc = semanage_begin_transaction(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not start semanage transaction")
|
||||
|
||||
+ rc = semanage_seuser_modify_local(self.sh, k, u)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not add login mapping for %s" % name)
|
||||
+
|
||||
+ # Add /export/home if it exists
|
||||
+ # Some customers use this for automounted homedirs
|
||||
+ if os.path.exists("/export/home"):
|
||||
+ ret.append("/export/home")
|
||||
+ rc = semanage_commit(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not add login mapping for %s" % name)
|
||||
+
|
||||
return ret
|
||||
+ except ValueError, error:
|
||||
+ audit.audit_log_acct_message(audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],error.args[0],
|
||||
+ name, 0, "", "", "", 0);
|
||||
+ raise error
|
||||
+
|
||||
+ audit.audit_log_acct_message(audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],"adding selinux user mapping",
|
||||
+ name, 0, "", "", "", 1);
|
||||
semanage_seuser_key_free(k)
|
||||
semanage_seuser_free(u)
|
||||
|
||||
def getSELinuxType(directory):
|
||||
@@ -168,9 +185,9 @@
|
||||
return "user_r"
|
||||
return name
|
||||
def getOldRole(self, role):
|
||||
- rc=findval(self.selinuxdir+self.type+"/users/system.users", 'grep "^user %s"' % role, "=")
|
||||
+ rc=grep(self.selinuxdir+self.type+"/users/system.users", "^user %s" % role)
|
||||
if rc == "":
|
||||
- rc=findval(self.selinuxdir+self.type+"/users/local.users", 'grep "^user %s"' % role, "=")
|
||||
+ rc=grep(self.selinuxdir+self.type+"/users/local.users", "^user %s" % role)
|
||||
if rc != "":
|
||||
user=rc.split()
|
||||
role = user[3]
|
||||
@@ -259,7 +276,7 @@
|
||||
return ret
|
||||
def modify(self, name, sename = "", serange = ""):
|
||||
- if sename == "" and serange == "":
|
||||
- raise ValueError("Requires seuser or serange")
|
||||
+ try:
|
||||
+ if sename == "" and serange == "":
|
||||
+ raise ValueError("Requires seuser or serange")
|
||||
|
||||
def genHomeDirContext(self):
|
||||
- if self.semanaged and findval(self.getHomeDirTemplate(), "ROLE", "=") != "":
|
||||
+ if self.semanaged and grep(self.getHomeDirTemplate(), "ROLE") != "":
|
||||
warning("genhomedircon: Warning! No support yet for expanding ROLE macros in the %s file when using libsemanage." % self.getHomeDirTemplate());
|
||||
warning("genhomedircon: You must manually update file_contexts.homedirs for any non-user_r users (including root).");
|
||||
users = self.getUsers()
|
||||
- (rc,k) = semanage_seuser_key_create(self.sh, name)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not create a key for %s" % name)
|
||||
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not create a key for %s" % name)
|
||||
|
||||
- (rc,exists) = semanage_seuser_exists(self.sh, k)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not check if login mapping for %s is defined" % name)
|
||||
- if not exists:
|
||||
- raise ValueError("Login mapping for %s is not defined" % name)
|
||||
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not check if login mapping for %s is defined" % name)
|
||||
+ if not exists:
|
||||
+ raise ValueError("Login mapping for %s is not defined" % name)
|
||||
|
||||
- (rc,u) = semanage_seuser_query(self.sh, k)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not query seuser for %s" % name)
|
||||
+ (rc,u) = semanage_seuser_query(self.sh, k)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not query seuser for %s" % name)
|
||||
|
||||
- if serange != "":
|
||||
- semanage_seuser_set_mlsrange(self.sh, u, untranslate(serange))
|
||||
- if sename != "":
|
||||
- semanage_seuser_set_sename(self.sh, u, sename)
|
||||
+ if serange != "":
|
||||
+ semanage_seuser_set_mlsrange(self.sh, u, untranslate(serange))
|
||||
+ if sename != "":
|
||||
+ semanage_seuser_set_sename(self.sh, u, sename)
|
||||
|
||||
- rc = semanage_begin_transaction(self.sh)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not srart semanage transaction")
|
||||
+ rc = semanage_begin_transaction(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not srart semanage transaction")
|
||||
|
||||
- rc = semanage_seuser_modify_local(self.sh, k, u)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not modify login mapping for %s" % name)
|
||||
-
|
||||
- rc = semanage_commit(self.sh)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not modify login mapping for %s" % name)
|
||||
+ rc = semanage_seuser_modify_local(self.sh, k, u)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not modify login mapping for %s" % name)
|
||||
|
||||
+ rc = semanage_commit(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not modify login mapping for %s" % name)
|
||||
+
|
||||
+ except ValueError, error:
|
||||
+ audit.audit_log_acct_message(audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],error.args[0],
|
||||
+ name, 0, "", "", "", 0);
|
||||
+ raise error
|
||||
+
|
||||
+ audit.audit_log_acct_message(audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],"modify selinux user mapping",
|
||||
+ name, 0, "", "", "", 1);
|
||||
semanage_seuser_key_free(k)
|
||||
semanage_seuser_free(u)
|
||||
|
||||
def delete(self, name):
|
||||
- (rc,k) = semanage_seuser_key_create(self.sh, name)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not create a key for %s" % name)
|
||||
+ try:
|
||||
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not create a key for %s" % name)
|
||||
|
||||
- (rc,exists) = semanage_seuser_exists(self.sh, k)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not check if login mapping for %s is defined" % name)
|
||||
- if not exists:
|
||||
- raise ValueError("Login mapping for %s is not defined" % name)
|
||||
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not check if login mapping for %s is defined" % name)
|
||||
+ if not exists:
|
||||
+ raise ValueError("Login mapping for %s is not defined" % name)
|
||||
|
||||
- (rc,exists) = semanage_seuser_exists_local(self.sh, k)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not check if login mapping for %s is defined" % name)
|
||||
- if not exists:
|
||||
- raise ValueError("Login mapping for %s is defined in policy, cannot be deleted" % name)
|
||||
+ (rc,exists) = semanage_seuser_exists_local(self.sh, k)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not check if login mapping for %s is defined" % name)
|
||||
+ if not exists:
|
||||
+ raise ValueError("Login mapping for %s is defined in policy, cannot be deleted" % name)
|
||||
|
||||
- rc = semanage_begin_transaction(self.sh)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not start semanage transaction")
|
||||
+ rc = semanage_begin_transaction(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not start semanage transaction")
|
||||
|
||||
- rc = semanage_seuser_del_local(self.sh, k)
|
||||
+ rc = semanage_seuser_del_local(self.sh, k)
|
||||
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not delete login mapping for %s" % name)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not delete login mapping for %s" % name)
|
||||
|
||||
- rc = semanage_commit(self.sh)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not delete login mapping for %s" % name)
|
||||
-
|
||||
+ rc = semanage_commit(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not delete login mapping for %s" % name)
|
||||
+
|
||||
+ except ValueError, error:
|
||||
+ audit.audit_log_acct_message(audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],error.args[0],
|
||||
+ name, 0, "", "", "", 0);
|
||||
+ raise error
|
||||
+
|
||||
+ audit.audit_log_acct_message(audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],"delete selinux user mapping",
|
||||
+ name, 0, "", "", "", 1);
|
||||
semanage_seuser_key_free(k)
|
||||
|
||||
|
||||
@@ -322,127 +349,150 @@
|
||||
else:
|
||||
selevel = untranslate(selevel)
|
||||
|
||||
- (rc,k) = semanage_user_key_create(self.sh, name)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not create a key for %s" % name)
|
||||
+ try:
|
||||
+ (rc,k) = semanage_user_key_create(self.sh, name)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not create a key for %s" % name)
|
||||
|
||||
- (rc,exists) = semanage_user_exists(self.sh, k)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not check if SELinux user %s is defined" % name)
|
||||
- if exists:
|
||||
- raise ValueError("SELinux user %s is already defined" % name)
|
||||
+ (rc,exists) = semanage_user_exists(self.sh, k)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not check if SELinux user %s is defined" % name)
|
||||
+ if exists:
|
||||
+ raise ValueError("SELinux user %s is already defined" % name)
|
||||
|
||||
- (rc,u) = semanage_user_create(self.sh)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not create SELinux user for %s" % name)
|
||||
+ (rc,u) = semanage_user_create(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not create SELinux user for %s" % name)
|
||||
|
||||
- rc = semanage_user_set_name(self.sh, u, name)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not set name for %s" % name)
|
||||
+ rc = semanage_user_set_name(self.sh, u, name)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not set name for %s" % name)
|
||||
|
||||
- for r in roles:
|
||||
- rc = semanage_user_add_role(self.sh, u, r)
|
||||
+ for r in roles:
|
||||
+ rc = semanage_user_add_role(self.sh, u, r)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not add role %s for %s" % (r, name))
|
||||
+
|
||||
+ rc = semanage_user_set_mlsrange(self.sh, u, serange)
|
||||
if rc < 0:
|
||||
- raise ValueError("Could not add role %s for %s" % (r, name))
|
||||
+ raise ValueError("Could not set MLS range for %s" % name)
|
||||
|
||||
- rc = semanage_user_set_mlsrange(self.sh, u, serange)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not set MLS range for %s" % name)
|
||||
+ rc = semanage_user_set_mlslevel(self.sh, u, selevel)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not set MLS level for %s" % name)
|
||||
|
||||
- rc = semanage_user_set_mlslevel(self.sh, u, selevel)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not set MLS level for %s" % name)
|
||||
+ (rc,key) = semanage_user_key_extract(self.sh,u)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not extract key for %s" % name)
|
||||
|
||||
- (rc,key) = semanage_user_key_extract(self.sh,u)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not extract key for %s" % name)
|
||||
+ rc = semanage_begin_transaction(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not start semanage transaction")
|
||||
|
||||
- rc = semanage_begin_transaction(self.sh)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not start semanage transaction")
|
||||
+ rc = semanage_user_modify_local(self.sh, k, u)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not add SELinux user %s" % name)
|
||||
|
||||
- rc = semanage_user_modify_local(self.sh, k, u)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not add SELinux user %s" % name)
|
||||
+ rc = semanage_commit(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not add SELinux user %s" % name)
|
||||
|
||||
- rc = semanage_commit(self.sh)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not add SELinux user %s" % name)
|
||||
+ except ValueError, error:
|
||||
+ audit.audit_log_acct_message(audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],error.args[0],
|
||||
+ name, 0, "", "", "", 0);
|
||||
+ raise error
|
||||
|
||||
+ audit.audit_log_acct_message(audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],"add Selinux User Record",
|
||||
+ name, 0, "", "", "", 1);
|
||||
semanage_user_key_free(k)
|
||||
semanage_user_free(u)
|
||||
|
||||
def modify(self, name, roles = [], selevel = "", serange = ""):
|
||||
- if len(roles) == 0 and serange == "" and selevel == "":
|
||||
- raise ValueError("Requires roles, level or range")
|
||||
+ try:
|
||||
+ if len(roles) == 0 and serange == "" and selevel == "":
|
||||
+ raise ValueError("Requires roles, level or range")
|
||||
|
||||
- (rc,k) = semanage_user_key_create(self.sh, name)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not create a key for %s" % name)
|
||||
+ (rc,k) = semanage_user_key_create(self.sh, name)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not create a key for %s" % name)
|
||||
|
||||
- (rc,exists) = semanage_user_exists(self.sh, k)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not check if SELinux user %s is defined" % name)
|
||||
- if not exists:
|
||||
- raise ValueError("SELinux user %s is not defined" % name)
|
||||
-
|
||||
- (rc,u) = semanage_user_query(self.sh, k)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not query user for %s" % name)
|
||||
+ (rc,exists) = semanage_user_exists(self.sh, k)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not check if SELinux user %s is defined" % name)
|
||||
+ if not exists:
|
||||
+ raise ValueError("SELinux user %s is not defined" % name)
|
||||
|
||||
- if serange != "":
|
||||
- semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
|
||||
- if selevel != "":
|
||||
- semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
|
||||
-
|
||||
- if len(roles) != 0:
|
||||
- for r in roles:
|
||||
- semanage_user_add_role(self.sh, u, r)
|
||||
+ (rc,u) = semanage_user_query(self.sh, k)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not query user for %s" % name)
|
||||
|
||||
- rc = semanage_begin_transaction(self.sh)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not start semanage transaction")
|
||||
+ if serange != "":
|
||||
+ semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
|
||||
+ if selevel != "":
|
||||
+ semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
|
||||
+
|
||||
+ if len(roles) != 0:
|
||||
+ for r in roles:
|
||||
+ semanage_user_add_role(self.sh, u, r)
|
||||
|
||||
- rc = semanage_user_modify_local(self.sh, k, u)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not modify SELinux user %s" % name)
|
||||
+ rc = semanage_begin_transaction(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not start semanage transaction")
|
||||
|
||||
- rc = semanage_commit(self.sh)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not modify SELinux user %s" % name)
|
||||
-
|
||||
+ rc = semanage_user_modify_local(self.sh, k, u)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not modify SELinux user %s" % name)
|
||||
+
|
||||
+ rc = semanage_commit(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not modify SELinux user %s" % name)
|
||||
+
|
||||
+ except ValueError, error:
|
||||
+ audit.audit_log_acct_message(audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],error.args[0],
|
||||
+ name, 0, "", "", "", 0);
|
||||
+ raise error
|
||||
+
|
||||
+ audit.audit_log_acct_message(audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],"modify Selinux User Record",
|
||||
+ name, 0, "", "", "", 1);
|
||||
semanage_user_key_free(k)
|
||||
semanage_user_free(u)
|
||||
|
||||
def delete(self, name):
|
||||
- (rc,k) = semanage_user_key_create(self.sh, name)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not create a key for %s" % name)
|
||||
-
|
||||
- (rc,exists) = semanage_user_exists(self.sh, k)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not check if SELinux user %s is defined" % name)
|
||||
- if not exists:
|
||||
- raise ValueError("SELinux user %s is not defined" % name)
|
||||
+ try:
|
||||
+ (rc,k) = semanage_user_key_create(self.sh, name)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not create a key for %s" % name)
|
||||
+
|
||||
+ (rc,exists) = semanage_user_exists(self.sh, k)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not check if SELinux user %s is defined" % name)
|
||||
+ if not exists:
|
||||
+ raise ValueError("SELinux user %s is not defined" % name)
|
||||
|
||||
- (rc,exists) = semanage_user_exists_local(self.sh, k)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not check if SELinux user %s is defined" % name)
|
||||
- if not exists:
|
||||
- raise ValueError("SELinux user %s is defined in policy, cannot be deleted" % name)
|
||||
+ (rc,exists) = semanage_user_exists_local(self.sh, k)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not check if SELinux user %s is defined" % name)
|
||||
+ if not exists:
|
||||
+ raise ValueError("SELinux user %s is defined in policy, cannot be deleted" % name)
|
||||
|
||||
- rc = semanage_begin_transaction(self.sh)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not start semanage transaction")
|
||||
+ rc = semanage_begin_transaction(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not start semanage transaction")
|
||||
|
||||
- rc = semanage_user_del_local(self.sh, k)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not delete SELinux user %s" % name)
|
||||
+ rc = semanage_user_del_local(self.sh, k)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not delete SELinux user %s" % name)
|
||||
|
||||
- rc = semanage_commit(self.sh)
|
||||
- if rc < 0:
|
||||
- raise ValueError("Could not delete SELinux user %s" % name)
|
||||
+ rc = semanage_commit(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not delete SELinux user %s" % name)
|
||||
+ except ValueError, error:
|
||||
+ audit.audit_log_acct_message(audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],error.args[0],
|
||||
+ name, 0, "", "", "", 0);
|
||||
+ raise error
|
||||
|
||||
+ audit.audit_log_acct_message(audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],"Delete Selinux User Record",
|
||||
+ name, 0, "", "", "", 1);
|
||||
semanage_user_key_free(k)
|
||||
|
||||
def get_all(self):
|
||||
|
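Review bot: The failure-side audit record in the new `except ValueError, error:` handlers (seuser add/modify/delete and user add/modify/delete in the seobject.py part of this patch) is written only for ValueError, so any other exception escaping the `try` body — e.g. from `untranslate(serange)`, `os.path.exists`, or the semanage bindings themselves — aborts the operation with no audit event at all, which defeats the purpose of logging who attempted to change SELinux user mappings. Keep the re-raise but widen the handler to `except Exception, error:` (or log from a `finally` keyed on a success flag) so every failed attempt yields the result=0 event. Separately, `audit_fd=audit.audit_open()` at module import is never checked for a negative return and the return value of every `audit.audit_log_acct_message(...)` call is discarded, so on a host where auditing is unavailable, or when a send fails, the records are lost silently; test `audit_fd < 0` once at import and check each call's return. In the new `grep(file, var)` helper, `"^user %s" % role` interpolates `role` unescaped into a regex, so use `re.escape(role)` at the call sites in `getOldRole`, and wrap the `open`/`fd.close()` pair in a `try`/`finally` so a read error does not leak the descriptor. The seuser `add` method whose body the `@@ -170,119 +173,143 @@` hunk wraps in `try:` begins before that hunk, so its opening `try:` line is not visible here.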
@ -4,15 +4,15 @@
|
||||
Summary: SELinux policy core utilities.
|
||||
Name: policycoreutils
|
||||
Version: 1.29.18
|
||||
Release: 1
|
||||
Release: 2
|
||||
License: GPL
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
#Patch: policycoreutils-rhat.patch
|
||||
Patch: policycoreutils-rhat.patch
|
||||
|
||||
BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver}
|
||||
PreReq: /bin/mount /bin/egrep /bin/awk /usr/bin/diff
|
||||
Requires: libsepol >= %{libsepolver} libsemanage >= %{libsemanagever} libselinux-python coreutils
|
||||
Requires: libsepol >= %{libsepolver} libsemanage >= %{libsemanagever} libselinux-python coreutils audit-libs-python
|
||||
BuildRoot: %{_tmppath}/%{name}-buildroot
|
||||
|
||||
%description
|
||||
@ -34,7 +34,7 @@ context.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
#%patch -p1 -b .rhat
|
||||
%patch -p1 -b .rhat
|
||||
|
||||
%build
|
||||
make LOG_AUDIT_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags}" all
|
||||
@ -98,6 +98,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
|
||||
%changelog
|
||||
|
||||
* Fri Feb 3 2006 Dan Walsh <dwalsh@redhat.com> 1.29.18-2
|
||||
- Add auditing to semanage
|
||||
|
||||
* Thu Feb 2 2006 Dan Walsh <dwalsh@redhat.com> 1.29.18-1
|
||||
- Update from upstream
|
||||
* Merged clone record on set_con patch from Ivan Gyurdiev.
|
||||
|