* Tue Dec 27 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-9
- Fixes for semanage, patch from Ivan and added a test script
This commit is contained in:
parent
4c35281455
commit
25eeaeed66
@ -226,6 +226,20 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policyco
|
|||||||
.SH "SEE ALSO"
|
.SH "SEE ALSO"
|
||||||
.TP
|
.TP
|
||||||
chcon(1), selinux(8)
|
chcon(1), selinux(8)
|
||||||
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.29.2/scripts/fixfiles
|
||||||
|
--- nsapolicycoreutils/scripts/fixfiles 2005-10-13 13:51:22.000000000 -0400
|
||||||
|
+++ policycoreutils-1.29.2/scripts/fixfiles 2005-12-30 08:17:05.000000000 -0500
|
||||||
|
@@ -62,8 +62,8 @@
|
||||||
|
TEMPFILE=`mktemp ${FC}.XXXXXXXXXX`
|
||||||
|
test -z "$TEMPFILE" && exit
|
||||||
|
PREFCTEMPFILE=`mktemp ${PREFC}.XXXXXXXXXX`
|
||||||
|
- sed -r -e 's,:s0, ,g' $PREFC > ${PREFCTEMPFILE}
|
||||||
|
- sed -r -e 's,:s0, ,g' $FC | \
|
||||||
|
+ sed -r -e 's,:s0, ,g' $PREFC | sort -u > ${PREFCTEMPFILE}
|
||||||
|
+ sed -r -e 's,:s0, ,g' $FC | sort -u | \
|
||||||
|
/usr/bin/diff -b ${PREFCTEMPFILE} - | \
|
||||||
|
grep '^[<>]'|cut -c3-| grep ^/ | \
|
||||||
|
egrep -v '(^/home|^/root|^/tmp|^/dev)' |\
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.2/scripts/genhomedircon
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.2/scripts/genhomedircon
|
||||||
--- nsapolicycoreutils/scripts/genhomedircon 2005-12-07 07:28:00.000000000 -0500
|
--- nsapolicycoreutils/scripts/genhomedircon 2005-12-07 07:28:00.000000000 -0500
|
||||||
+++ policycoreutils-1.29.2/scripts/genhomedircon 2005-12-27 08:54:19.000000000 -0500
|
+++ policycoreutils-1.29.2/scripts/genhomedircon 2005-12-27 08:54:19.000000000 -0500
|
||||||
@ -680,8 +694,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/tests/setrans.co
|
|||||||
+s0:c3=NDA_Yoyodyne
|
+s0:c3=NDA_Yoyodyne
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.2/semanage/semanage
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.2/semanage/semanage
|
||||||
--- nsapolicycoreutils/semanage/semanage 2005-11-29 10:55:01.000000000 -0500
|
--- nsapolicycoreutils/semanage/semanage 2005-11-29 10:55:01.000000000 -0500
|
||||||
+++ policycoreutils-1.29.2/semanage/semanage 2005-12-27 10:04:46.000000000 -0500
|
+++ policycoreutils-1.29.2/semanage/semanage 2005-12-27 15:13:34.000000000 -0500
|
||||||
@@ -24,22 +24,27 @@
|
@@ -24,22 +24,33 @@
|
||||||
from semanage import *;
|
from semanage import *;
|
||||||
class loginRecords:
|
class loginRecords:
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
@ -701,6 +715,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
|
|||||||
+ sename = "user_u"
|
+ sename = "user_u"
|
||||||
+
|
+
|
||||||
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
|
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
|
||||||
|
+ if rc != 0:
|
||||||
|
+ raise ValueError("Could not create a key for %s" % name)
|
||||||
|
+
|
||||||
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
|
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
|
||||||
if exists:
|
if exists:
|
||||||
raise ValueError("SELinux User %s mapping already defined" % name)
|
raise ValueError("SELinux User %s mapping already defined" % name)
|
||||||
@ -712,10 +729,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
|
|||||||
|
|
||||||
- (rc,u)= semanage_seuser_create(self.sh)
|
- (rc,u)= semanage_seuser_create(self.sh)
|
||||||
+ (rc,u) = semanage_seuser_create(self.sh)
|
+ (rc,u) = semanage_seuser_create(self.sh)
|
||||||
|
+ if rc != 0:
|
||||||
|
+ raise ValueError("Could not create seuser for %s" % name)
|
||||||
|
+
|
||||||
semanage_seuser_set_name(self.sh, u, name)
|
semanage_seuser_set_name(self.sh, u, name)
|
||||||
semanage_seuser_set_mlsrange(self.sh, u, serange)
|
semanage_seuser_set_mlsrange(self.sh, u, serange)
|
||||||
semanage_seuser_set_sename(self.sh, u, sename)
|
semanage_seuser_set_sename(self.sh, u, sename)
|
||||||
@@ -48,12 +53,13 @@
|
@@ -48,13 +59,22 @@
|
||||||
if semanage_commit(self.sh) != 0:
|
if semanage_commit(self.sh) != 0:
|
||||||
raise ValueError("Failed to add SELinux user mapping")
|
raise ValueError("Failed to add SELinux user mapping")
|
||||||
|
|
||||||
@ -723,18 +743,28 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
|
|||||||
- (rc,k)=semanage_seuser_key_create(self.sh, name)
|
- (rc,k)=semanage_seuser_key_create(self.sh, name)
|
||||||
- (rc,u)= semanage_seuser_query(self.sh, k)
|
- (rc,u)= semanage_seuser_query(self.sh, k)
|
||||||
- if rc !=0 :
|
- if rc !=0 :
|
||||||
|
- raise ValueError("SELinux user %s mapping is not defined." % name)
|
||||||
|
- if sename == "" and serange=="":
|
||||||
+ def modify(self, name, sename = "", serange = ""):
|
+ def modify(self, name, sename = "", serange = ""):
|
||||||
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
|
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
|
||||||
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
|
+ if rc != 0:
|
||||||
+ if not exists:
|
+ raise ValueError("Could not create a key for %s" % name)
|
||||||
raise ValueError("SELinux user %s mapping is not defined." % name)
|
+
|
||||||
- if sename == "" and serange=="":
|
|
||||||
+ (rc,u) = semanage_seuser_query(self.sh, k)
|
|
||||||
+ if sename == "" and serange == "":
|
+ if sename == "" and serange == "":
|
||||||
raise ValueError("Requires, seuser or serange")
|
raise ValueError("Requires, seuser or serange")
|
||||||
|
+
|
||||||
|
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
|
||||||
|
+ if exists:
|
||||||
|
+ (rc,u) = semanage_seuser_query(self.sh, k)
|
||||||
|
+ if rc != 0:
|
||||||
|
+ raise ValueError("Could not query seuser for %s" % name)
|
||||||
|
+ else:
|
||||||
|
+ raise ValueError("SELinux user %s mapping is not defined." % name)
|
||||||
|
+
|
||||||
if serange != "":
|
if serange != "":
|
||||||
semanage_seuser_set_mlsrange(self.sh, u, serange)
|
semanage_seuser_set_mlsrange(self.sh, u, serange)
|
||||||
@@ -66,9 +72,9 @@
|
if sename != "":
|
||||||
|
@@ -66,78 +86,107 @@
|
||||||
|
|
||||||
|
|
||||||
def delete(self, name):
|
def delete(self, name):
|
||||||
@ -742,20 +772,29 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
|
|||||||
- (rc,exists)= semanage_seuser_exists(self.sh, k)
|
- (rc,exists)= semanage_seuser_exists(self.sh, k)
|
||||||
- if rc !=0 :
|
- if rc !=0 :
|
||||||
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
|
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
|
||||||
|
+ if rc != 0:
|
||||||
|
+ raise ValueError("Could not create a key for %s" % name)
|
||||||
|
+
|
||||||
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
|
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
|
||||||
+ if not exists:
|
+ if not exists:
|
||||||
raise ValueError("SELinux user %s mapping is not defined." % name)
|
raise ValueError("SELinux user %s mapping is not defined." % name)
|
||||||
semanage_begin_transaction(self.sh)
|
semanage_begin_transaction(self.sh)
|
||||||
semanage_seuser_del(self.sh, k)
|
semanage_seuser_del(self.sh, k)
|
||||||
@@ -79,25 +85,29 @@
|
if semanage_commit(self.sh) != 0:
|
||||||
print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")
|
raise ValueError("SELinux User %s mapping not defined" % name)
|
||||||
|
|
||||||
|
- def list(self):
|
||||||
|
- print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")
|
||||||
|
+ def list(self,heading=1):
|
||||||
|
+ if heading:
|
||||||
|
+ print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")
|
||||||
(status, self.ulist, self.usize) = semanage_seuser_list(self.sh)
|
(status, self.ulist, self.usize) = semanage_seuser_list(self.sh)
|
||||||
for idx in range(self.usize):
|
for idx in range(self.usize):
|
||||||
- u=semanage_seuser_by_idx(self.ulist, idx)
|
- u=semanage_seuser_by_idx(self.ulist, idx)
|
||||||
- name=semanage_seuser_get_name(u)
|
- name=semanage_seuser_get_name(u)
|
||||||
|
-
|
||||||
+ u = semanage_seuser_by_idx(self.ulist, idx)
|
+ u = semanage_seuser_by_idx(self.ulist, idx)
|
||||||
+ name = semanage_seuser_get_name(u)
|
+ name = semanage_seuser_get_name(u)
|
||||||
|
|
||||||
print "%-25s %-25s %-25s" % (name, semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
|
print "%-25s %-25s %-25s" % (name, semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
|
||||||
|
|
||||||
class seluserRecords:
|
class seluserRecords:
|
||||||
@ -772,20 +811,39 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
|
|||||||
def add(self, name, roles, selevel, serange):
|
def add(self, name, roles, selevel, serange):
|
||||||
- (rc,k)=semanage_user_key_create(self.sh, name)
|
- (rc,k)=semanage_user_key_create(self.sh, name)
|
||||||
- (rc,exists)= semanage_user_exists(self.sh, k)
|
- (rc,exists)= semanage_user_exists(self.sh, k)
|
||||||
|
- if exists:
|
||||||
|
- raise ValueError("Seuser %s already defined" % name)
|
||||||
|
- (rc,u)= semanage_user_create(self.sh)
|
||||||
+ if serange == "":
|
+ if serange == "":
|
||||||
+ serange = "s0"
|
+ serange = "s0"
|
||||||
+ if selevel == "":
|
+ if selevel == "":
|
||||||
+ selevel = "s0"
|
+ selevel = "s0"
|
||||||
|
+
|
||||||
+ (rc,k) = semanage_user_key_create(self.sh, name)
|
+ (rc,k) = semanage_user_key_create(self.sh, name)
|
||||||
+ (rc,exists) = semanage_user_exists(self.sh, k)
|
+ if rc != 0:
|
||||||
if exists:
|
+ raise ValueError("Could not create a key for %s" % name)
|
||||||
raise ValueError("Seuser %s already defined" % name)
|
+
|
||||||
- (rc,u)= semanage_user_create(self.sh)
|
+ (rc,exists) = semanage_user_exists_local(self.sh, k)
|
||||||
|
+ if not exists:
|
||||||
|
+ (rc,exists) = semanage_user_exists(self.sh, k)
|
||||||
|
+ if not exists:
|
||||||
|
+ raise ValueError("SELinux user %s is already defined." % name)
|
||||||
|
+
|
||||||
+ (rc,u) = semanage_user_create(self.sh)
|
+ (rc,u) = semanage_user_create(self.sh)
|
||||||
|
+ if rc != 0:
|
||||||
|
+ raise ValueError("Could not create login mapping for %s" % name)
|
||||||
|
+
|
||||||
semanage_user_set_name(self.sh, u, name)
|
semanage_user_set_name(self.sh, u, name)
|
||||||
for r in roles:
|
for r in roles:
|
||||||
semanage_user_add_role(self.sh, u, r)
|
semanage_user_add_role(self.sh, u, r)
|
||||||
@@ -109,17 +119,13 @@
|
semanage_user_set_mlsrange(self.sh, u, serange)
|
||||||
|
semanage_user_set_mlslevel(self.sh, u, selevel)
|
||||||
|
(rc,key) = semanage_user_key_extract(self.sh,u)
|
||||||
|
+ if rc != 0:
|
||||||
|
+ raise ValueError("Could not extract key for %s" % name)
|
||||||
|
+
|
||||||
|
semanage_begin_transaction(self.sh)
|
||||||
|
semanage_user_add_local(self.sh, k, u)
|
||||||
if semanage_commit(self.sh) != 0:
|
if semanage_commit(self.sh) != 0:
|
||||||
raise ValueError("Failed to add SELinux user")
|
raise ValueError("Failed to add SELinux user")
|
||||||
|
|
||||||
@ -794,21 +852,35 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
|
|||||||
- def modify(self, name, roles=[], selevel="", serange=""):
|
- def modify(self, name, roles=[], selevel="", serange=""):
|
||||||
- (rc,k)=semanage_user_key_create(self.sh, name)
|
- (rc,k)=semanage_user_key_create(self.sh, name)
|
||||||
- (rc,exists)= semanage_user_exists(self.sh, k)
|
- (rc,exists)= semanage_user_exists(self.sh, k)
|
||||||
+ def modify(self, name, roles = [], selevel = "", serange = ""):
|
- if not exists:
|
||||||
+ (rc,k) = semanage_user_key_create(self.sh, name)
|
- raise ValueError("user %s is not defined" % name)
|
||||||
+ (rc,exists) = semanage_user_exists(self.sh, k)
|
|
||||||
if not exists:
|
|
||||||
raise ValueError("user %s is not defined" % name)
|
|
||||||
- (rc,u)= semanage_user_query(self.sh, k)
|
- (rc,u)= semanage_user_query(self.sh, k)
|
||||||
- if rc !=0 :
|
- if rc !=0 :
|
||||||
- raise ValueError("User %s is not defined." % name)
|
- raise ValueError("User %s is not defined." % name)
|
||||||
- if len(roles) == 0 and serange=="" and selevel=="":
|
- if len(roles) == 0 and serange=="" and selevel=="":
|
||||||
+ (rc,u) = semanage_user_query(self.sh, k)
|
+ def modify(self, name, roles = [], selevel = "", serange = ""):
|
||||||
+ if len(roles) == 0 and serange == "" and selevel == "":
|
+ if len(roles) == 0 and serange == "" and selevel == "":
|
||||||
raise ValueError("Requires, roles, level or range")
|
raise ValueError("Requires, roles, level or range")
|
||||||
|
+
|
||||||
|
+ (rc,k) = semanage_user_key_create(self.sh, name)
|
||||||
|
+ if rc != 0:
|
||||||
|
+ raise ValueError("Could not create a key for %s" % name)
|
||||||
|
+
|
||||||
|
+ (rc,exists) = semanage_user_exists_local(self.sh, k)
|
||||||
|
+ if exists:
|
||||||
|
+ (rc,u) = semanage_user_query_local(self.sh, k)
|
||||||
|
+ else:
|
||||||
|
+ (rc,exists) = semanage_user_exists(self.sh, k)
|
||||||
|
+ if exists:
|
||||||
|
+ (rc,u) = semanage_user_query(self.sh, k)
|
||||||
|
+ else:
|
||||||
|
+ raise ValueError("SELinux user %s mapping is not defined." % name)
|
||||||
|
+ if rc != 0:
|
||||||
|
+ raise ValueError("Could not query user for %s" % name)
|
||||||
|
+
|
||||||
if serange != "":
|
if serange != "":
|
||||||
semanage_user_set_mlsrange(self.sh, u, serange)
|
semanage_user_set_mlsrange(self.sh, u, serange)
|
||||||
@@ -127,17 +133,15 @@
|
if selevel != "":
|
||||||
semanage_user_set_mlslevel(self.sh, u, selevel)
|
semanage_user_set_mlslevel(self.sh, u, selevel)
|
||||||
if len(roles) != 0:
|
if len(roles) != 0:
|
||||||
for r in roles:
|
for r in roles:
|
||||||
@ -824,12 +896,24 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
|
|||||||
- (rc,k)=semanage_user_key_create(self.sh, name)
|
- (rc,k)=semanage_user_key_create(self.sh, name)
|
||||||
- (rc,exists)= semanage_user_exists(self.sh, k)
|
- (rc,exists)= semanage_user_exists(self.sh, k)
|
||||||
+ (rc,k) = semanage_user_key_create(self.sh, name)
|
+ (rc,k) = semanage_user_key_create(self.sh, name)
|
||||||
+ (rc,exists) = semanage_user_exists(self.sh, k)
|
+ if rc != 0:
|
||||||
|
+ raise ValueError("Could not crpppeate a key for %s" % name)
|
||||||
|
+
|
||||||
|
+ (rc,exists) = semanage_user_exists_local(self.sh, k)
|
||||||
if not exists:
|
if not exists:
|
||||||
raise ValueError("user %s is not defined" % name)
|
raise ValueError("user %s is not defined" % name)
|
||||||
semanage_begin_transaction(self.sh)
|
semanage_begin_transaction(self.sh)
|
||||||
@@ -150,31 +154,30 @@
|
@@ -145,86 +194,183 @@
|
||||||
print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
|
if semanage_commit(self.sh) != 0:
|
||||||
|
raise ValueError("Login User %s not defined" % name)
|
||||||
|
|
||||||
|
- def list(self):
|
||||||
|
- print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/")
|
||||||
|
- print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
|
||||||
|
+ def list(self, heading=1):
|
||||||
|
+ if heading:
|
||||||
|
+ print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/")
|
||||||
|
+ print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
|
||||||
(status, self.ulist, self.usize) = semanage_user_list(self.sh)
|
(status, self.ulist, self.usize) = semanage_user_list(self.sh)
|
||||||
for idx in range(self.usize):
|
for idx in range(self.usize):
|
||||||
- u=semanage_user_by_idx(self.ulist, idx)
|
- u=semanage_user_by_idx(self.ulist, idx)
|
||||||
@ -858,52 +942,175 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
|
|||||||
if self.semanaged:
|
if self.semanaged:
|
||||||
semanage_connect(self.sh)
|
semanage_connect(self.sh)
|
||||||
|
|
||||||
def add(self, name, type):
|
- def add(self, name, type):
|
||||||
- (rc,k)=semanage_port_key_create(self.sh, name)
|
- (rc,k)=semanage_port_key_create(self.sh, name)
|
||||||
- (rc,exists)= semanage_port_exists(self.sh, k)
|
- (rc,exists)= semanage_port_exists(self.sh, k)
|
||||||
+ (rc,k) = semanage_port_key_create(self.sh, name)
|
+ def __genkey(self, port, proto):
|
||||||
|
+ if proto == "tcp":
|
||||||
|
+ proto_d=SEMANAGE_PROTO_TCP
|
||||||
|
+ else:
|
||||||
|
+ if proto == "udp":
|
||||||
|
+ proto_d=SEMANAGE_PROTO_UDP
|
||||||
|
+ else:
|
||||||
|
+ raise ValueError("Protocol udp or tcp is required")
|
||||||
|
+ if port == "":
|
||||||
|
+ raise ValueError("Port is required")
|
||||||
|
+
|
||||||
|
+ ports=port.split("-")
|
||||||
|
+ if len(ports) == 1:
|
||||||
|
+ low=string.atoi(ports[0])
|
||||||
|
+ high=string.atoi(ports[0])
|
||||||
|
+ else:
|
||||||
|
+ low=string.atoi(ports[0])
|
||||||
|
+ high=string.atoi(ports[1])
|
||||||
|
+
|
||||||
|
+ (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d)
|
||||||
|
+ if rc != 0:
|
||||||
|
+ raise ValueError("Could not create a key for %s/%s" % (proto, port))
|
||||||
|
+ return ( k, proto_d, low, high )
|
||||||
|
+
|
||||||
|
+ def add(self, port, proto, serange, type):
|
||||||
|
+ if serange == "":
|
||||||
|
+ serange="s0"
|
||||||
|
+
|
||||||
|
+ if type == "":
|
||||||
|
+ raise ValueError("Type is required")
|
||||||
|
+
|
||||||
|
+ ( k, proto_d, low, high ) = self.__genkey(port, proto)
|
||||||
|
+
|
||||||
+ (rc,exists) = semanage_port_exists(self.sh, k)
|
+ (rc,exists) = semanage_port_exists(self.sh, k)
|
||||||
|
+ if exists:
|
||||||
|
+ raise ValueError("Port %s/%s already defined" % (proto, port))
|
||||||
|
+
|
||||||
|
+ (rc,exists) = semanage_port_exists_local(self.sh, k)
|
||||||
if exists:
|
if exists:
|
||||||
raise ValueError("User %s already defined" % name)
|
- raise ValueError("User %s already defined" % name)
|
||||||
- (rc,u)= semanage_port_create(self.sh)
|
- (rc,u)= semanage_port_create(self.sh)
|
||||||
+ (rc,u) = semanage_port_create(self.sh)
|
- semanage_port_set_name(self.sh, u, name)
|
||||||
semanage_port_set_name(self.sh, u, name)
|
- semanage_port_set_mlsrange(self.sh, u, serange)
|
||||||
semanage_port_set_mlsrange(self.sh, u, serange)
|
- semanage_port_set_sename(self.sh, u, sename)
|
||||||
semanage_port_set_sename(self.sh, u, sename)
|
+ raise ValueError("Port %s/%s already defined locally" % (proto, port))
|
||||||
@@ -184,11 +187,11 @@
|
+
|
||||||
|
+ (rc,p) = semanage_port_create(self.sh)
|
||||||
|
+ if rc != 0:
|
||||||
|
+ raise ValueError("Could not create port for %s/%s" % (proto, port))
|
||||||
|
+
|
||||||
|
+ semanage_port_set_proto(p, proto_d)
|
||||||
|
+ semanage_port_set_range(p, low, high)
|
||||||
|
+ (rc, con) = semanage_context_create(self.sh)
|
||||||
|
+ if rc != 0:
|
||||||
|
+ raise ValueError("Could not create context for %s/%s" % (proto, port))
|
||||||
|
+
|
||||||
|
+ semanage_context_set_user(self.sh, con, "system_u")
|
||||||
|
+ semanage_context_set_role(self.sh, con, "object_r")
|
||||||
|
+ semanage_context_set_type(self.sh, con, type)
|
||||||
|
+ semanage_context_set_mls(self.sh, con, serange)
|
||||||
|
+ semanage_port_set_con(p, con)
|
||||||
|
semanage_begin_transaction(self.sh)
|
||||||
|
- semanage_port_add(self.sh, k, u)
|
||||||
|
+ semanage_port_add_local(self.sh, k, p)
|
||||||
|
if semanage_commit(self.sh) != 0:
|
||||||
raise ValueError("Failed to add port")
|
raise ValueError("Failed to add port")
|
||||||
|
|
||||||
def modify(self, name, type):
|
- def modify(self, name, type):
|
||||||
- (rc,k)=semanage_port_key_create(self.sh, name)
|
- (rc,k)=semanage_port_key_create(self.sh, name)
|
||||||
- (rc,u)= semanage_port_query(self.sh, k)
|
- (rc,u)= semanage_port_query(self.sh, k)
|
||||||
- if rc !=0 :
|
- if rc !=0 :
|
||||||
+ (rc,k) = semanage_port_key_create(self.sh, name)
|
- raise ValueError("User %s is not defined." % name)
|
||||||
+ (rc,u) = semanage_port_query(self.sh, k)
|
|
||||||
+ if rc != 0 :
|
|
||||||
raise ValueError("User %s is not defined." % name)
|
|
||||||
- if sename == "" and serange=="":
|
- if sename == "" and serange=="":
|
||||||
+ if sename == "" and serange == "":
|
- raise ValueError("Requires, port or serange")
|
||||||
raise ValueError("Requires, port or serange")
|
+ def modify(self, port, proto, serange, setype):
|
||||||
|
+ if serange == "" and setype == "":
|
||||||
|
+ raise ValueError("Requires, setype or serange")
|
||||||
|
+
|
||||||
|
+ ( k, proto_d, low, high ) = self.__genkey(port, proto)
|
||||||
|
+
|
||||||
|
+ (rc,exists) = semanage_port_exists_local(self.sh, k)
|
||||||
|
+ if exists:
|
||||||
|
+ (rc,p) = semanage_port_query_local(self.sh, k)
|
||||||
|
+ (rc,exists) = semanage_port_exists(self.sh, k)
|
||||||
|
+ if exists:
|
||||||
|
+ (rc,p) = semanage_port_query(self.sh, k)
|
||||||
|
+ else:
|
||||||
|
+ raise ValueError("port %s/%s is not defined." % (proto,port))
|
||||||
|
+
|
||||||
|
+ if rc != 0:
|
||||||
|
+ raise ValueError("Could not query port for %s/%s" % (proto, port))
|
||||||
|
+
|
||||||
|
+ con = semanage_port_get_con(p)
|
||||||
|
+ semanage_context_set_mls(self.sh, con, serange)
|
||||||
if serange != "":
|
if serange != "":
|
||||||
semanage_port_set_mlsrange(self.sh, u, serange)
|
- semanage_port_set_mlsrange(self.sh, u, serange)
|
||||||
@@ -200,7 +203,7 @@
|
- if sename != "":
|
||||||
|
- semanage_port_set_sename(self.sh, u, sename)
|
||||||
|
+ semanage_context_set_mls(self.sh, con, serange)
|
||||||
|
+ if setype != "":
|
||||||
|
+ semanage_context_set_type(self.sh, con, setype)
|
||||||
|
+ semanage_port_set_con(p, con)
|
||||||
|
semanage_begin_transaction(self.sh)
|
||||||
|
- semanage_port_modify(self.sh, k, u)
|
||||||
|
+ semanage_port_modify_local(self.sh, k, p)
|
||||||
|
if semanage_commit(self.sh) != 0:
|
||||||
raise ValueError("Failed to add port")
|
raise ValueError("Failed to add port")
|
||||||
|
|
||||||
def delete(self, name):
|
- def delete(self, name):
|
||||||
- (rc,k)=semanage_port_key_create(self.sh, name)
|
- (rc,k)=semanage_port_key_create(self.sh, name)
|
||||||
+ (rc,k) = semanage_port_key_create(self.sh, name)
|
+ def delete(self, port, proto):
|
||||||
|
+ ( k, proto_d, low, high ) = self.__genkey(port, proto)
|
||||||
|
+ (rc,exists) = semanage_port_exists_local(self.sh, k)
|
||||||
|
+ if not exists:
|
||||||
|
+ raise ValueError("port %s/%s is not defined localy." % (proto,port))
|
||||||
|
+
|
||||||
semanage_begin_transaction(self.sh)
|
semanage_begin_transaction(self.sh)
|
||||||
semanage_port_del(self.sh, k)
|
- semanage_port_del(self.sh, k)
|
||||||
|
+ semanage_port_del_local(self.sh, k)
|
||||||
if semanage_commit(self.sh) != 0:
|
if semanage_commit(self.sh) != 0:
|
||||||
@@ -210,13 +213,13 @@
|
- raise ValueError("Port %s not defined" % name)
|
||||||
|
+ raise ValueError("Port %s/%s not defined" % (proto,port))
|
||||||
|
|
||||||
|
- def list(self):
|
||||||
|
+ def list(self, heading=1):
|
||||||
(status, self.plist, self.psize) = semanage_port_list(self.sh)
|
(status, self.plist, self.psize) = semanage_port_list(self.sh)
|
||||||
print "%-25s %s\n" % ("SELinux Port Name", "Port Number")
|
- print "%-25s %s\n" % ("SELinux Port Name", "Port Number")
|
||||||
|
+ if heading:
|
||||||
|
+ print "%-30s %-8s %s\n" % ("SELinux Port Name", "Proto", "Port Number")
|
||||||
|
+ dict={}
|
||||||
|
+ for idx in range(self.psize):
|
||||||
|
+ u = semanage_port_by_idx(self.plist, idx)
|
||||||
|
+ con = semanage_port_get_con(u)
|
||||||
|
+ name = semanage_context_get_type(con)
|
||||||
|
+ proto=semanage_port_get_proto_str(u)
|
||||||
|
+ low=semanage_port_get_low(u)
|
||||||
|
+ high = semanage_port_get_high(u)
|
||||||
|
+ if (name, proto) not in dict.keys():
|
||||||
|
+ dict[(name,proto)]=[]
|
||||||
|
+ if low == high:
|
||||||
|
+ dict[(name,proto)].append("%d" % low)
|
||||||
|
+ else:
|
||||||
|
+ dict[(name,proto)].append("%d-%d" % (low, high))
|
||||||
|
+ (status, self.plist, self.psize) = semanage_port_list_local(self.sh)
|
||||||
for idx in range(self.psize):
|
for idx in range(self.psize):
|
||||||
- u=semanage_port_by_idx(self.plist, idx)
|
- u=semanage_port_by_idx(self.plist, idx)
|
||||||
- name=semanage_port_get_name(u)
|
- name=semanage_port_get_name(u)
|
||||||
|
- print "%20s %d" % ( name, semanage_port_get_number(u))
|
||||||
+ u = semanage_port_by_idx(self.plist, idx)
|
+ u = semanage_port_by_idx(self.plist, idx)
|
||||||
+ name = semanage_port_get_name(u)
|
+ con = semanage_port_get_con(u)
|
||||||
print "%20s %d" % ( name, semanage_port_get_number(u))
|
+ name = semanage_context_get_type(con)
|
||||||
|
+ proto=semanage_port_get_proto_str(u)
|
||||||
|
+ low=semanage_port_get_low(u)
|
||||||
|
+ high = semanage_port_get_high(u)
|
||||||
|
+ if (name, proto) not in dict.keys():
|
||||||
|
+ dict[(name,proto)]=[]
|
||||||
|
+ if low == high:
|
||||||
|
+ dict[(name,proto)].append("%d" % low)
|
||||||
|
+ else:
|
||||||
|
+ dict[(name,proto)].append("%d-%d" % (low, high))
|
||||||
|
+ for i in dict.keys():
|
||||||
|
+ rec = "%-30s %-8s " % i
|
||||||
|
+ rec += "%s" % dict[i][0]
|
||||||
|
+ for p in dict[i][1:]:
|
||||||
|
+ rec += ", %s" % p
|
||||||
|
+ print rec
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
|
|
||||||
@ -912,7 +1119,17 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
|
|||||||
print '\
|
print '\
|
||||||
semanage user [-admsRrh] SELINUX_USER\n\
|
semanage user [-admsRrh] SELINUX_USER\n\
|
||||||
semanage login [-admsrh] LOGIN_NAME\n\
|
semanage login [-admsrh] LOGIN_NAME\n\
|
||||||
@@ -245,26 +248,26 @@
|
-semanage port [-admth] SELINUX_PORT_NAME\n\
|
||||||
|
+semanage port [-admth] PORT | PORTRANGE\n\
|
||||||
|
-a, --add Add a OBJECT record NAME\n\
|
||||||
|
-d, --delete Delete a OBJECT record NAME\n\
|
||||||
|
-h, --help display this message\n\
|
||||||
|
-l, --list List the OBJECTS\n\
|
||||||
|
+ -n, --noheading Do not print heading when listing OBJECTS\n\
|
||||||
|
-m, --modify Modify a OBJECT record NAME\n\
|
||||||
|
-r, --range MLS/MCS Security Range\n\
|
||||||
|
-R, --roles SELinux Roles (Separate by spaces)\n\
|
||||||
|
@@ -245,33 +391,40 @@
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
try:
|
try:
|
||||||
@ -932,9 +1149,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
|
|||||||
+ input = sys.stdin
|
+ input = sys.stdin
|
||||||
+ output = sys.stdout
|
+ output = sys.stdout
|
||||||
+ serange = ""
|
+ serange = ""
|
||||||
|
+ port = ""
|
||||||
|
+ proto = ""
|
||||||
+ selevel = ""
|
+ selevel = ""
|
||||||
|
+ setype = ""
|
||||||
+ roles = ""
|
+ roles = ""
|
||||||
+ seuser = ""
|
+ seuser = ""
|
||||||
|
+ heading=1
|
||||||
+
|
+
|
||||||
+ add = 0
|
+ add = 0
|
||||||
+ modify = 0
|
+ modify = 0
|
||||||
@ -951,9 +1172,20 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
|
|||||||
- args=sys.argv[2:]
|
- args=sys.argv[2:]
|
||||||
+ args = sys.argv[2:]
|
+ args = sys.argv[2:]
|
||||||
gopts, cmds = getopt.getopt(args,
|
gopts, cmds = getopt.getopt(args,
|
||||||
'adlhms:R:r:t:v',
|
- 'adlhms:R:r:t:v',
|
||||||
|
+ 'adlhmnp:P:s:R:r:t:v',
|
||||||
['add',
|
['add',
|
||||||
@@ -282,46 +285,46 @@
|
'delete',
|
||||||
|
'help',
|
||||||
|
'list',
|
||||||
|
'modify',
|
||||||
|
+ 'noheading',
|
||||||
|
+ 'port=',
|
||||||
|
+ 'proto=',
|
||||||
|
'seuser=',
|
||||||
|
'range=',
|
||||||
|
'roles=',
|
||||||
|
@@ -282,88 +435,95 @@
|
||||||
if o == "-a" or o == "--add":
|
if o == "-a" or o == "--add":
|
||||||
if modify or delete:
|
if modify or delete:
|
||||||
usage()
|
usage()
|
||||||
@ -968,6 +1200,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
|
|||||||
if o == "-h" or o == "--help":
|
if o == "-h" or o == "--help":
|
||||||
usage()
|
usage()
|
||||||
|
|
||||||
|
+ if o == "-n" or o == "--nohead":
|
||||||
|
+ heading=0
|
||||||
|
+
|
||||||
if o == "-m"or o == "--modify":
|
if o == "-m"or o == "--modify":
|
||||||
if delete or add:
|
if delete or add:
|
||||||
usage()
|
usage()
|
||||||
@ -977,6 +1212,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
|
|||||||
if o == "-r" or o == '--range':
|
if o == "-r" or o == '--range':
|
||||||
- serange=a
|
- serange=a
|
||||||
+ serange = a
|
+ serange = a
|
||||||
|
+
|
||||||
|
+ if o == "-P" or o == '--proto':
|
||||||
|
+ proto = a
|
||||||
|
|
||||||
if o == "-R" or o == '--roles':
|
if o == "-R" or o == '--roles':
|
||||||
- roles=a
|
- roles=a
|
||||||
@ -984,7 +1222,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
|
|||||||
|
|
||||||
if o == "-t" or o == "--type":
|
if o == "-t" or o == "--type":
|
||||||
- type=a
|
- type=a
|
||||||
+ type = a
|
+ setype = a
|
||||||
|
|
||||||
if o == "-l" or o == "--list":
|
if o == "-l" or o == "--list":
|
||||||
- list=1
|
- list=1
|
||||||
@ -1011,53 +1249,68 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
|
|||||||
+ OBJECT = portRecords()
|
+ OBJECT = portRecords()
|
||||||
|
|
||||||
if list:
|
if list:
|
||||||
OBJECT.list()
|
- OBJECT.list()
|
||||||
@@ -330,21 +333,22 @@
|
+ OBJECT.list(heading)
|
||||||
|
sys.exit(0);
|
||||||
|
|
||||||
if len(cmds) != 1:
|
if len(cmds) != 1:
|
||||||
usage()
|
usage()
|
||||||
|
|
||||||
- name=cmds[0]
|
- name=cmds[0]
|
||||||
+ name = cmds[0]
|
+ target = cmds[0]
|
||||||
|
|
||||||
if add:
|
if add:
|
||||||
if object == "login":
|
if object == "login":
|
||||||
OBJECT.add(name, seuser, serange)
|
- OBJECT.add(name, seuser, serange)
|
||||||
|
+ OBJECT.add(target, seuser, serange)
|
||||||
|
|
||||||
if object == "user":
|
if object == "user":
|
||||||
- rlist=roles.split()
|
- rlist=roles.split()
|
||||||
- print rlist
|
- print rlist
|
||||||
|
- OBJECT.add(name, rlist, selevel, serange)
|
||||||
+ rlist = roles.split()
|
+ rlist = roles.split()
|
||||||
+ if len(rlist) == 0:
|
+ if len(rlist) == 0:
|
||||||
+ raise ValueError("You must specify a role")
|
+ raise ValueError("You must specify a role")
|
||||||
+
|
+ OBJECT.add(target, rlist, selevel, serange)
|
||||||
OBJECT.add(name, rlist, selevel, serange)
|
|
||||||
|
|
||||||
if object == "port":
|
if object == "port":
|
||||||
OBJECT.add(name, type)
|
- OBJECT.add(name, type)
|
||||||
|
+ OBJECT.add(target, proto, serange, setype)
|
||||||
|
|
||||||
- OBJECT.list()
|
- OBJECT.list()
|
||||||
sys.exit(0);
|
sys.exit(0);
|
||||||
|
|
||||||
if modify:
|
if modify:
|
||||||
@@ -352,14 +356,12 @@
|
if object == "login":
|
||||||
OBJECT.modify(name, seuser, serange)
|
- OBJECT.modify(name, seuser, serange)
|
||||||
|
+ OBJECT.modify(target, seuser, serange)
|
||||||
|
|
||||||
if object == "user":
|
if object == "user":
|
||||||
- rlist=roles.split()
|
- rlist=roles.split()
|
||||||
- print rlist
|
- print rlist
|
||||||
|
- OBJECT.modify(name, rlist, selevel, serange)
|
||||||
+ rlist = roles.split()
|
+ rlist = roles.split()
|
||||||
OBJECT.modify(name, rlist, selevel, serange)
|
+ OBJECT.modify(target, rlist, selevel, serange)
|
||||||
|
|
||||||
if object == "port":
|
if object == "port":
|
||||||
OBJECT.modify(name, type)
|
- OBJECT.modify(name, type)
|
||||||
|
+ OBJECT.modify(target, proto, serange, setype)
|
||||||
sys.exit(0);
|
sys.exit(0);
|
||||||
- OBJECT.list()
|
- OBJECT.list()
|
||||||
sys.exit(0);
|
sys.exit(0);
|
||||||
|
|
||||||
if delete:
|
if delete:
|
||||||
|
- OBJECT.delete(name)
|
||||||
|
+ if object == "port":
|
||||||
|
+ OBJECT.delete(target, proto)
|
||||||
|
+ else:
|
||||||
|
+ OBJECT.delete(target)
|
||||||
|
sys.exit(0);
|
||||||
|
usage()
|
||||||
|
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/tests/semanage_test policycoreutils-1.29.2/semanage/tests/semanage_test
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/tests/semanage_test policycoreutils-1.29.2/semanage/tests/semanage_test
|
||||||
--- nsapolicycoreutils/semanage/tests/semanage_test 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/semanage/tests/semanage_test 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-1.29.2/semanage/tests/semanage_test 2005-12-27 10:07:15.000000000 -0500
|
+++ policycoreutils-1.29.2/semanage/tests/semanage_test 2005-12-27 14:40:02.000000000 -0500
|
||||||
@@ -0,0 +1,67 @@
|
@@ -0,0 +1,67 @@
|
||||||
+#!/bin/sh -x
|
+#!/bin/sh -x
|
||||||
+#
|
+#
|
||||||
@ -1123,6 +1376,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/tests/semanage_
|
|||||||
+#
|
+#
|
||||||
+#******************** semanage SELinux ports test ************************
|
+#******************** semanage SELinux ports test ************************
|
||||||
+#"
|
+#"
|
||||||
+#semanage port -l
|
+semanage port -l
|
||||||
+#semanage port -a httpd_port_t
|
+semanage port -a -P tcp 123456
|
||||||
+#semanage port -d httpd_port_t
|
+semanage port -d -P tcp 123456
|
||||||
|
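Review bot: In the `@ -772,20 +811,39 @@` hunk (seluserRecords.add) the new existence check is inverted relative to its message: after `(rc,exists) = semanage_user_exists_local(self.sh, k)` the added lines read `if not exists:` … `(rc,exists) = semanage_user_exists(self.sh, k)` … `if not exists:` … `raise ValueError("SELinux user %s is already defined." % name)`, so a name that exists nowhere is rejected as already defined while one that already exists locally falls through to semanage_user_create; indentation is lost in this rendering, but either both conditions should be `if exists:` or the message is wrong, and the earlier patch's `if exists:` / `"Seuser %s already defined"` guard does not appear on the new side in this view. Three smaller points in the same file: the option loop compares against `--nohead` while getopt registers `'noheading'` and the usage text advertises `--noheading`, so the long form never sets `heading=0`; portRecords.modify calls `semanage_context_set_mls(self.sh, con, serange)` once unconditionally before the `if serange != "":` guard, which clears the range when only `-t` is given, so the unguarded call should be dropped; and the new error string in the `@ -824,12 +896,24 @@` hunk reads `"Could not crpppeate a key for %s"`. portRecords.__genkey converts with string.atoi but never checks that low and high are within 0-65535 or that low <= high, which the new test script's `semanage port -a -P tcp 123456` exercises; a check such as `if low < 0 or high > 65535 or low > high: raise ValueError("Invalid port range %s" % port)` would fail that input with a clear message instead of relying on libsemanage. Most of the methods touched here start or end outside the rendered hunks.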
@ -1,5 +1,5 @@
|
|||||||
%define libsepolver 1.11.1-1
|
%define libsepolver 1.11.1-2
|
||||||
%define libsemanagever 1.5.3-1
|
%define libsemanagever 1.5.3-3
|
||||||
%define libselinuxver 1.29.2-1
|
%define libselinuxver 1.29.2-1
|
||||||
Summary: SELinux policy core utilities.
|
Summary: SELinux policy core utilities.
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
|