Fix semanage login -l to list contents of /etc/selinux/POLICY/logins directory
This commit is contained in:
parent
dcda6e4336
commit
356d85e93c
@ -335150,15 +335150,16 @@ index 63b11dd..28a9022 100644
|
|||||||
.TP
|
.TP
|
||||||
.I \-P, \-\-prefix
|
.I \-P, \-\-prefix
|
||||||
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
|
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
|
||||||
index ad7dc8c..f2b8721 100644
|
index ad7dc8c..05b8128 100644
|
||||||
--- a/policycoreutils/semanage/seobject.py
|
--- a/policycoreutils/semanage/seobject.py
|
||||||
+++ b/policycoreutils/semanage/seobject.py
|
+++ b/policycoreutils/semanage/seobject.py
|
||||||
@@ -24,17 +24,18 @@
|
@@ -24,17 +24,19 @@
|
||||||
import pwd, grp, string, selinux, tempfile, os, re, sys, stat
|
import pwd, grp, string, selinux, tempfile, os, re, sys, stat
|
||||||
from semanage import *;
|
from semanage import *;
|
||||||
PROGNAME = "policycoreutils"
|
PROGNAME = "policycoreutils"
|
||||||
+import sepolicy
|
+import sepolicy
|
||||||
+from sepolicy import boolean_desc, boolean_category
|
+from sepolicy import boolean_desc, boolean_category, gen_bool_dict
|
||||||
|
+gen_bool_dict()
|
||||||
import sepolgen.module as module
|
import sepolgen.module as module
|
||||||
from IPy import IP
|
from IPy import IP
|
||||||
|
|
||||||
@ -335177,7 +335178,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
|
|
||||||
import syslog
|
import syslog
|
||||||
|
|
||||||
@@ -123,39 +124,6 @@ class nulllogger:
|
@@ -123,39 +125,6 @@ class nulllogger:
|
||||||
def commit(self,success):
|
def commit(self,success):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@ -335217,7 +335218,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
def validate_level(raw):
|
def validate_level(raw):
|
||||||
sensitivity = "s[0-9]*"
|
sensitivity = "s[0-9]*"
|
||||||
category = "c[0-9]*"
|
category = "c[0-9]*"
|
||||||
@@ -384,13 +352,7 @@ class permissiveRecords(semanageRecords):
|
@@ -384,13 +353,7 @@ class permissiveRecords(semanageRecords):
|
||||||
return l
|
return l
|
||||||
|
|
||||||
def list(self, heading = 1, locallist = 0):
|
def list(self, heading = 1, locallist = 0):
|
||||||
@ -335232,7 +335233,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
if len(all) == 0:
|
if len(all) == 0:
|
||||||
return
|
return
|
||||||
|
|
||||||
@@ -493,7 +455,9 @@ class loginRecords(semanageRecords):
|
@@ -493,7 +456,9 @@ class loginRecords(semanageRecords):
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
|
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
|
||||||
if exists:
|
if exists:
|
||||||
@ -335243,7 +335244,68 @@ index ad7dc8c..f2b8721 100644
|
|||||||
if name[0] == '%':
|
if name[0] == '%':
|
||||||
try:
|
try:
|
||||||
grp.getgrnam(name[1:])
|
grp.getgrnam(name[1:])
|
||||||
@@ -738,7 +702,8 @@ class seluserRecords(semanageRecords):
|
@@ -654,6 +619,21 @@ class loginRecords(semanageRecords):
|
||||||
|
self.mylog.commit(0)
|
||||||
|
raise error
|
||||||
|
|
||||||
|
+ def get_all_logins(self):
|
||||||
|
+ ddict = {}
|
||||||
|
+ self.logins_path = selinux.selinux_policy_root() + "/logins"
|
||||||
|
+ for path,dirs,files in os.walk(self.logins_path):
|
||||||
|
+ if path == self.logins_path:
|
||||||
|
+ for name in files:
|
||||||
|
+ try:
|
||||||
|
+ fd = open(path + "/" + name)
|
||||||
|
+ rec = fd.read().rstrip().split(":")
|
||||||
|
+ fd.close()
|
||||||
|
+ ddict[name] = (rec[1], rec[2], rec[0])
|
||||||
|
+ except IndexError:
|
||||||
|
+ pass
|
||||||
|
+ return ddict
|
||||||
|
+
|
||||||
|
def get_all(self, locallist = 0):
|
||||||
|
ddict = {}
|
||||||
|
if locallist:
|
||||||
|
@@ -665,7 +645,7 @@ class loginRecords(semanageRecords):
|
||||||
|
|
||||||
|
for u in self.ulist:
|
||||||
|
name = semanage_seuser_get_name(u)
|
||||||
|
- ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
|
||||||
|
+ ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u), "*")
|
||||||
|
return ddict
|
||||||
|
|
||||||
|
def customized(self):
|
||||||
|
@@ -679,16 +659,26 @@ class loginRecords(semanageRecords):
|
||||||
|
|
||||||
|
def list(self,heading = 1, locallist = 0):
|
||||||
|
ddict = self.get_all(locallist)
|
||||||
|
+ ldict = self.get_all_logins()
|
||||||
|
+ lkeys = ldict.keys()
|
||||||
|
keys = ddict.keys()
|
||||||
|
- if len(keys) == 0:
|
||||||
|
+ if len(keys) == 0 and len(lkeys) == 0:
|
||||||
|
return
|
||||||
|
keys.sort()
|
||||||
|
+ lkeys.sort()
|
||||||
|
|
||||||
|
if is_mls_enabled == 1:
|
||||||
|
if heading:
|
||||||
|
- print "\n%-25s %-25s %-25s\n" % (_("Login Name"), _("SELinux User"), _("MLS/MCS Range"))
|
||||||
|
+ print "\n%-20s %-20s %-20s %s\n" % (_("Login Name"), _("SELinux User"), _("MLS/MCS Range"), _("Service"))
|
||||||
|
for k in keys:
|
||||||
|
- print "%-25s %-25s %-25s" % (k, ddict[k][0], translate(ddict[k][1]))
|
||||||
|
+ u = ddict[k]
|
||||||
|
+ print "%-20s %-20s %-20s %s" % (k, u[0], translate(u[1]), u[2])
|
||||||
|
+ if len(lkeys):
|
||||||
|
+ print "\nLocal customization in %s" % self.logins_path
|
||||||
|
+
|
||||||
|
+ for k in lkeys:
|
||||||
|
+ u = ldict[k]
|
||||||
|
+ print "%-20s %-20s %-20s %s" % (k, u[0], translate(u[1]), u[2])
|
||||||
|
else:
|
||||||
|
if heading:
|
||||||
|
print "\n%-25s %-25s\n" % (_("Login Name"), _("SELinux User"))
|
||||||
|
@@ -738,7 +728,8 @@ class seluserRecords(semanageRecords):
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
|
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
|
||||||
if exists:
|
if exists:
|
||||||
@ -335253,7 +335315,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
|
|
||||||
(rc, u) = semanage_user_create(self.sh)
|
(rc, u) = semanage_user_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -958,6 +923,8 @@ class seluserRecords(semanageRecords):
|
@@ -958,6 +949,8 @@ class seluserRecords(semanageRecords):
|
||||||
print "%-15s %s" % (k, ddict[k][3])
|
print "%-15s %s" % (k, ddict[k][3])
|
||||||
|
|
||||||
class portRecords(semanageRecords):
|
class portRecords(semanageRecords):
|
||||||
@ -335262,7 +335324,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
def __init__(self, store = ""):
|
def __init__(self, store = ""):
|
||||||
semanageRecords.__init__(self, store)
|
semanageRecords.__init__(self, store)
|
||||||
|
|
||||||
@@ -997,6 +964,9 @@ class portRecords(semanageRecords):
|
@@ -997,6 +990,9 @@ class portRecords(semanageRecords):
|
||||||
if type == "":
|
if type == "":
|
||||||
raise ValueError(_("Type is required"))
|
raise ValueError(_("Type is required"))
|
||||||
|
|
||||||
@ -335272,7 +335334,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
( k, proto_d, low, high ) = self.__genkey(port, proto)
|
( k, proto_d, low, high ) = self.__genkey(port, proto)
|
||||||
|
|
||||||
(rc, exists) = semanage_port_exists(self.sh, k)
|
(rc, exists) = semanage_port_exists(self.sh, k)
|
||||||
@@ -1056,6 +1026,9 @@ class portRecords(semanageRecords):
|
@@ -1056,6 +1052,9 @@ class portRecords(semanageRecords):
|
||||||
else:
|
else:
|
||||||
raise ValueError(_("Requires setype"))
|
raise ValueError(_("Requires setype"))
|
||||||
|
|
||||||
@ -335282,7 +335344,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
( k, proto_d, low, high ) = self.__genkey(port, proto)
|
( k, proto_d, low, high ) = self.__genkey(port, proto)
|
||||||
|
|
||||||
(rc, exists) = semanage_port_exists(self.sh, k)
|
(rc, exists) = semanage_port_exists(self.sh, k)
|
||||||
@@ -1213,6 +1186,8 @@ class portRecords(semanageRecords):
|
@@ -1213,6 +1212,8 @@ class portRecords(semanageRecords):
|
||||||
print rec
|
print rec
|
||||||
|
|
||||||
class nodeRecords(semanageRecords):
|
class nodeRecords(semanageRecords):
|
||||||
@ -335291,7 +335353,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
def __init__(self, store = ""):
|
def __init__(self, store = ""):
|
||||||
semanageRecords.__init__(self,store)
|
semanageRecords.__init__(self,store)
|
||||||
self.protocol = ["ipv4", "ipv6"]
|
self.protocol = ["ipv4", "ipv6"]
|
||||||
@@ -1252,7 +1227,10 @@ class nodeRecords(semanageRecords):
|
@@ -1252,7 +1253,10 @@ class nodeRecords(semanageRecords):
|
||||||
serange = untranslate(serange)
|
serange = untranslate(serange)
|
||||||
|
|
||||||
if ctype == "":
|
if ctype == "":
|
||||||
@ -335303,7 +335365,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
|
|
||||||
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
|
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1262,7 +1240,8 @@ class nodeRecords(semanageRecords):
|
@@ -1262,7 +1266,8 @@ class nodeRecords(semanageRecords):
|
||||||
|
|
||||||
(rc, exists) = semanage_node_exists(self.sh, k)
|
(rc, exists) = semanage_node_exists(self.sh, k)
|
||||||
if exists:
|
if exists:
|
||||||
@ -335313,7 +335375,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
|
|
||||||
(rc, node) = semanage_node_create(self.sh)
|
(rc, node) = semanage_node_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1318,6 +1297,9 @@ class nodeRecords(semanageRecords):
|
@@ -1318,6 +1323,9 @@ class nodeRecords(semanageRecords):
|
||||||
if serange == "" and setype == "":
|
if serange == "" and setype == "":
|
||||||
raise ValueError(_("Requires setype or serange"))
|
raise ValueError(_("Requires setype or serange"))
|
||||||
|
|
||||||
@ -335323,7 +335385,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
|
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create key for %s") % addr)
|
raise ValueError(_("Could not create key for %s") % addr)
|
||||||
@@ -1460,7 +1442,8 @@ class interfaceRecords(semanageRecords):
|
@@ -1460,7 +1468,8 @@ class interfaceRecords(semanageRecords):
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not check if interface %s is defined") % interface)
|
raise ValueError(_("Could not check if interface %s is defined") % interface)
|
||||||
if exists:
|
if exists:
|
||||||
@ -335333,7 +335395,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
|
|
||||||
(rc, iface) = semanage_iface_create(self.sh)
|
(rc, iface) = semanage_iface_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1625,6 +1608,9 @@ class interfaceRecords(semanageRecords):
|
@@ -1625,6 +1634,9 @@ class interfaceRecords(semanageRecords):
|
||||||
print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2])
|
print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2])
|
||||||
|
|
||||||
class fcontextRecords(semanageRecords):
|
class fcontextRecords(semanageRecords):
|
||||||
@ -335343,7 +335405,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
def __init__(self, store = ""):
|
def __init__(self, store = ""):
|
||||||
semanageRecords.__init__(self, store)
|
semanageRecords.__init__(self, store)
|
||||||
self.equiv = {}
|
self.equiv = {}
|
||||||
@@ -1739,6 +1725,9 @@ class fcontextRecords(semanageRecords):
|
@@ -1739,6 +1751,9 @@ class fcontextRecords(semanageRecords):
|
||||||
if type == "":
|
if type == "":
|
||||||
raise ValueError(_("SELinux Type is required"))
|
raise ValueError(_("SELinux Type is required"))
|
||||||
|
|
||||||
@ -335353,7 +335415,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
|
(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create key for %s") % target)
|
raise ValueError(_("Could not create key for %s") % target)
|
||||||
@@ -1753,7 +1742,8 @@ class fcontextRecords(semanageRecords):
|
@@ -1753,7 +1768,8 @@ class fcontextRecords(semanageRecords):
|
||||||
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
raise ValueError(_("Could not check if file context for %s is defined") % target)
|
||||||
|
|
||||||
if exists:
|
if exists:
|
||||||
@ -335363,7 +335425,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
|
|
||||||
(rc, fcontext) = semanage_fcontext_create(self.sh)
|
(rc, fcontext) = semanage_fcontext_create(self.sh)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
@@ -1794,6 +1784,9 @@ class fcontextRecords(semanageRecords):
|
@@ -1794,6 +1810,9 @@ class fcontextRecords(semanageRecords):
|
||||||
def __modify(self, target, setype, ftype, serange, seuser):
|
def __modify(self, target, setype, ftype, serange, seuser):
|
||||||
if serange == "" and setype == "" and seuser == "":
|
if serange == "" and setype == "" and seuser == "":
|
||||||
raise ValueError(_("Requires setype, serange or seuser"))
|
raise ValueError(_("Requires setype, serange or seuser"))
|
||||||
@ -335373,7 +335435,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
self.validate(target)
|
self.validate(target)
|
||||||
|
|
||||||
(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
|
(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
|
||||||
@@ -1999,6 +1992,8 @@ class booleanRecords(semanageRecords):
|
@@ -1999,6 +2018,8 @@ class booleanRecords(semanageRecords):
|
||||||
self.modify_local = False
|
self.modify_local = False
|
||||||
|
|
||||||
def __mod(self, name, value):
|
def __mod(self, name, value):
|
||||||
@ -335382,7 +335444,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
(rc, k) = semanage_bool_key_create(self.sh, name)
|
(rc, k) = semanage_bool_key_create(self.sh, name)
|
||||||
if rc < 0:
|
if rc < 0:
|
||||||
raise ValueError(_("Could not create a key for %s") % name)
|
raise ValueError(_("Could not create a key for %s") % name)
|
||||||
@@ -2028,8 +2023,6 @@ class booleanRecords(semanageRecords):
|
@@ -2028,8 +2049,6 @@ class booleanRecords(semanageRecords):
|
||||||
semanage_bool_free(b)
|
semanage_bool_free(b)
|
||||||
|
|
||||||
def modify(self, name, value = None, use_file = False):
|
def modify(self, name, value = None, use_file = False):
|
||||||
@ -335391,7 +335453,7 @@ index ad7dc8c..f2b8721 100644
|
|||||||
self.begin()
|
self.begin()
|
||||||
if use_file:
|
if use_file:
|
||||||
fd = open(name)
|
fd = open(name)
|
||||||
@@ -2120,10 +2113,7 @@ class booleanRecords(semanageRecords):
|
@@ -2120,10 +2139,7 @@ class booleanRecords(semanageRecords):
|
||||||
|
|
||||||
def get_category(self, name):
|
def get_category(self, name):
|
||||||
name = selinux.selinux_boolean_sub(name)
|
name = selinux.selinux_boolean_sub(name)
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.1.13
|
Version: 2.1.13
|
||||||
Release: 32%{?dist}
|
Release: 33%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
@ -338,6 +338,9 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|||||||
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Nov 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-33
|
||||||
|
- Fix semanage login -l to list contents of /etc/selinux/POLICY/logins directory
|
||||||
|
|
||||||
* Tue Nov 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-32
|
* Tue Nov 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-32
|
||||||
- Fix booleansPage not showing booleans
|
- Fix booleansPage not showing booleans
|
||||||
- Fix audit2allow -b
|
- Fix audit2allow -b
|
||||||
|
Loading…
Reference in New Issue
Block a user