Fix semanage login -l to list contents of /etc/selinux/POLICY/logins directory

Dan Walsh 2012-11-13 17:05:58 -05:00
parent dcda6e4336
commit 356d85e93c
2 changed files with 88 additions and 23 deletions


@ -335150,15 +335150,16 @@ index 63b11dd..28a9022 100644
.TP .TP
.I \-P, \-\-prefix .I \-P, \-\-prefix
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index ad7dc8c..f2b8721 100644 index ad7dc8c..05b8128 100644
--- a/policycoreutils/semanage/seobject.py --- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py +++ b/policycoreutils/semanage/seobject.py
@@ -24,17 +24,18 @@ @@ -24,17 +24,19 @@
import pwd, grp, string, selinux, tempfile, os, re, sys, stat import pwd, grp, string, selinux, tempfile, os, re, sys, stat
from semanage import *; from semanage import *;
PROGNAME = "policycoreutils" PROGNAME = "policycoreutils"
+import sepolicy +import sepolicy
+from sepolicy import boolean_desc, boolean_category +from sepolicy import boolean_desc, boolean_category, gen_bool_dict
+gen_bool_dict()
import sepolgen.module as module import sepolgen.module as module
from IPy import IP from IPy import IP
@ -335177,7 +335178,7 @@ index ad7dc8c..f2b8721 100644
import syslog import syslog
@@ -123,39 +124,6 @@ class nulllogger: @@ -123,39 +125,6 @@ class nulllogger:
def commit(self,success): def commit(self,success):
pass pass
@ -335217,7 +335218,7 @@ index ad7dc8c..f2b8721 100644
def validate_level(raw): def validate_level(raw):
sensitivity = "s[0-9]*" sensitivity = "s[0-9]*"
category = "c[0-9]*" category = "c[0-9]*"
@@ -384,13 +352,7 @@ class permissiveRecords(semanageRecords): @@ -384,13 +353,7 @@ class permissiveRecords(semanageRecords):
return l return l
def list(self, heading = 1, locallist = 0): def list(self, heading = 1, locallist = 0):
@ -335232,7 +335233,7 @@ index ad7dc8c..f2b8721 100644
if len(all) == 0: if len(all) == 0:
return return
@@ -493,7 +455,9 @@ class loginRecords(semanageRecords): @@ -493,7 +456,9 @@ class loginRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name) raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists: if exists:
@ -335243,7 +335244,68 @@ index ad7dc8c..f2b8721 100644
if name[0] == '%': if name[0] == '%':
try: try:
grp.getgrnam(name[1:]) grp.getgrnam(name[1:])
@@ -738,7 +702,8 @@ class seluserRecords(semanageRecords): @@ -654,6 +619,21 @@ class loginRecords(semanageRecords):
self.mylog.commit(0)
raise error
+ def get_all_logins(self):
+ ddict = {}
+ self.logins_path = selinux.selinux_policy_root() + "/logins"
+ for path,dirs,files in os.walk(self.logins_path):
+ if path == self.logins_path:
+ for name in files:
+ try:
+ fd = open(path + "/" + name)
+ rec = fd.read().rstrip().split(":")
+ fd.close()
+ ddict[name] = (rec[1], rec[2], rec[0])
+ except IndexError:
+ pass
+ return ddict
+
def get_all(self, locallist = 0):
ddict = {}
if locallist:
@@ -665,7 +645,7 @@ class loginRecords(semanageRecords):
for u in self.ulist:
name = semanage_seuser_get_name(u)
- ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
+ ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u), "*")
return ddict
def customized(self):
@@ -679,16 +659,26 @@ class loginRecords(semanageRecords):
def list(self,heading = 1, locallist = 0):
ddict = self.get_all(locallist)
+ ldict = self.get_all_logins()
+ lkeys = ldict.keys()
keys = ddict.keys()
- if len(keys) == 0:
+ if len(keys) == 0 and len(lkeys) == 0:
return
keys.sort()
+ lkeys.sort()
if is_mls_enabled == 1:
if heading:
- print "\n%-25s %-25s %-25s\n" % (_("Login Name"), _("SELinux User"), _("MLS/MCS Range"))
+ print "\n%-20s %-20s %-20s %s\n" % (_("Login Name"), _("SELinux User"), _("MLS/MCS Range"), _("Service"))
for k in keys:
- print "%-25s %-25s %-25s" % (k, ddict[k][0], translate(ddict[k][1]))
+ u = ddict[k]
+ print "%-20s %-20s %-20s %s" % (k, u[0], translate(u[1]), u[2])
+ if len(lkeys):
+ print "\nLocal customization in %s" % self.logins_path
+
+ for k in lkeys:
+ u = ldict[k]
+ print "%-20s %-20s %-20s %s" % (k, u[0], translate(u[1]), u[2])
else:
if heading:
print "\n%-25s %-25s\n" % (_("Login Name"), _("SELinux User"))
@@ -738,7 +728,8 @@ class seluserRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name) raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if exists: if exists:
@ -335253,7 +335315,7 @@ index ad7dc8c..f2b8721 100644
(rc, u) = semanage_user_create(self.sh) (rc, u) = semanage_user_create(self.sh)
if rc < 0: if rc < 0:
@@ -958,6 +923,8 @@ class seluserRecords(semanageRecords): @@ -958,6 +949,8 @@ class seluserRecords(semanageRecords):
print "%-15s %s" % (k, ddict[k][3]) print "%-15s %s" % (k, ddict[k][3])
class portRecords(semanageRecords): class portRecords(semanageRecords):
@ -335262,7 +335324,7 @@ index ad7dc8c..f2b8721 100644
def __init__(self, store = ""): def __init__(self, store = ""):
semanageRecords.__init__(self, store) semanageRecords.__init__(self, store)
@@ -997,6 +964,9 @@ class portRecords(semanageRecords): @@ -997,6 +990,9 @@ class portRecords(semanageRecords):
if type == "": if type == "":
raise ValueError(_("Type is required")) raise ValueError(_("Type is required"))
@ -335272,7 +335334,7 @@ index ad7dc8c..f2b8721 100644
( k, proto_d, low, high ) = self.__genkey(port, proto) ( k, proto_d, low, high ) = self.__genkey(port, proto)
(rc, exists) = semanage_port_exists(self.sh, k) (rc, exists) = semanage_port_exists(self.sh, k)
@@ -1056,6 +1026,9 @@ class portRecords(semanageRecords): @@ -1056,6 +1052,9 @@ class portRecords(semanageRecords):
else: else:
raise ValueError(_("Requires setype")) raise ValueError(_("Requires setype"))
@ -335282,7 +335344,7 @@ index ad7dc8c..f2b8721 100644
( k, proto_d, low, high ) = self.__genkey(port, proto) ( k, proto_d, low, high ) = self.__genkey(port, proto)
(rc, exists) = semanage_port_exists(self.sh, k) (rc, exists) = semanage_port_exists(self.sh, k)
@@ -1213,6 +1186,8 @@ class portRecords(semanageRecords): @@ -1213,6 +1212,8 @@ class portRecords(semanageRecords):
print rec print rec
class nodeRecords(semanageRecords): class nodeRecords(semanageRecords):
@ -335291,7 +335353,7 @@ index ad7dc8c..f2b8721 100644
def __init__(self, store = ""): def __init__(self, store = ""):
semanageRecords.__init__(self,store) semanageRecords.__init__(self,store)
self.protocol = ["ipv4", "ipv6"] self.protocol = ["ipv4", "ipv6"]
@@ -1252,7 +1227,10 @@ class nodeRecords(semanageRecords): @@ -1252,7 +1253,10 @@ class nodeRecords(semanageRecords):
serange = untranslate(serange) serange = untranslate(serange)
if ctype == "": if ctype == "":
@ -335303,7 +335365,7 @@ index ad7dc8c..f2b8721 100644
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto) (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
if rc < 0: if rc < 0:
@@ -1262,7 +1240,8 @@ class nodeRecords(semanageRecords): @@ -1262,7 +1266,8 @@ class nodeRecords(semanageRecords):
(rc, exists) = semanage_node_exists(self.sh, k) (rc, exists) = semanage_node_exists(self.sh, k)
if exists: if exists:
@ -335313,7 +335375,7 @@ index ad7dc8c..f2b8721 100644
(rc, node) = semanage_node_create(self.sh) (rc, node) = semanage_node_create(self.sh)
if rc < 0: if rc < 0:
@@ -1318,6 +1297,9 @@ class nodeRecords(semanageRecords): @@ -1318,6 +1323,9 @@ class nodeRecords(semanageRecords):
if serange == "" and setype == "": if serange == "" and setype == "":
raise ValueError(_("Requires setype or serange")) raise ValueError(_("Requires setype or serange"))
@ -335323,7 +335385,7 @@ index ad7dc8c..f2b8721 100644
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto) (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
if rc < 0: if rc < 0:
raise ValueError(_("Could not create key for %s") % addr) raise ValueError(_("Could not create key for %s") % addr)
@@ -1460,7 +1442,8 @@ class interfaceRecords(semanageRecords): @@ -1460,7 +1468,8 @@ class interfaceRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface) raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists: if exists:
@ -335333,7 +335395,7 @@ index ad7dc8c..f2b8721 100644
(rc, iface) = semanage_iface_create(self.sh) (rc, iface) = semanage_iface_create(self.sh)
if rc < 0: if rc < 0:
@@ -1625,6 +1608,9 @@ class interfaceRecords(semanageRecords): @@ -1625,6 +1634,9 @@ class interfaceRecords(semanageRecords):
print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2]) print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2])
class fcontextRecords(semanageRecords): class fcontextRecords(semanageRecords):
@ -335343,7 +335405,7 @@ index ad7dc8c..f2b8721 100644
def __init__(self, store = ""): def __init__(self, store = ""):
semanageRecords.__init__(self, store) semanageRecords.__init__(self, store)
self.equiv = {} self.equiv = {}
@@ -1739,6 +1725,9 @@ class fcontextRecords(semanageRecords): @@ -1739,6 +1751,9 @@ class fcontextRecords(semanageRecords):
if type == "": if type == "":
raise ValueError(_("SELinux Type is required")) raise ValueError(_("SELinux Type is required"))
@ -335353,7 +335415,7 @@ index ad7dc8c..f2b8721 100644
(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
if rc < 0: if rc < 0:
raise ValueError(_("Could not create key for %s") % target) raise ValueError(_("Could not create key for %s") % target)
@@ -1753,7 +1742,8 @@ class fcontextRecords(semanageRecords): @@ -1753,7 +1768,8 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not check if file context for %s is defined") % target) raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists: if exists:
@ -335363,7 +335425,7 @@ index ad7dc8c..f2b8721 100644
(rc, fcontext) = semanage_fcontext_create(self.sh) (rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0: if rc < 0:
@@ -1794,6 +1784,9 @@ class fcontextRecords(semanageRecords): @@ -1794,6 +1810,9 @@ class fcontextRecords(semanageRecords):
def __modify(self, target, setype, ftype, serange, seuser): def __modify(self, target, setype, ftype, serange, seuser):
if serange == "" and setype == "" and seuser == "": if serange == "" and setype == "" and seuser == "":
raise ValueError(_("Requires setype, serange or seuser")) raise ValueError(_("Requires setype, serange or seuser"))
@ -335373,7 +335435,7 @@ index ad7dc8c..f2b8721 100644
self.validate(target) self.validate(target)
(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
@@ -1999,6 +1992,8 @@ class booleanRecords(semanageRecords): @@ -1999,6 +2018,8 @@ class booleanRecords(semanageRecords):
self.modify_local = False self.modify_local = False
def __mod(self, name, value): def __mod(self, name, value):
@ -335382,7 +335444,7 @@ index ad7dc8c..f2b8721 100644
(rc, k) = semanage_bool_key_create(self.sh, name) (rc, k) = semanage_bool_key_create(self.sh, name)
if rc < 0: if rc < 0:
raise ValueError(_("Could not create a key for %s") % name) raise ValueError(_("Could not create a key for %s") % name)
@@ -2028,8 +2023,6 @@ class booleanRecords(semanageRecords): @@ -2028,8 +2049,6 @@ class booleanRecords(semanageRecords):
semanage_bool_free(b) semanage_bool_free(b)
def modify(self, name, value = None, use_file = False): def modify(self, name, value = None, use_file = False):
@ -335391,7 +335453,7 @@ index ad7dc8c..f2b8721 100644
self.begin() self.begin()
if use_file: if use_file:
fd = open(name) fd = open(name)
@@ -2120,10 +2113,7 @@ class booleanRecords(semanageRecords): @@ -2120,10 +2139,7 @@ class booleanRecords(semanageRecords):
def get_category(self, name): def get_category(self, name):
name = selinux.selinux_boolean_sub(name) name = selinux.selinux_boolean_sub(name)
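Review bot: In the added `get_all_logins` (the seobject.py hunk at `-654,6`), `split(":")` breaks any record whose MLS/MCS range itself contains a colon (a constructed example is `sshd:staff_u:s0-s0:c0.c1023`), so `rec[2]` keeps only the part before the categories and `semanage login -l` prints a truncated range. Limiting the split keeps the range intact: `rec = fd.read().rstrip().split(":", 2)`. The `try` catches only `IndexError`, so an unreadable file in the logins directory would raise `IOError` out of `list()` and abort the listing, and a malformed record is dropped silently; catching `IOError` as well and naming the skipped file would make both cases visible. The non-MLS `else` branch of `list()` continues outside the hunk, and the lines shown there do not print `ldict`, so the per-service entries may be missing when MLS is disabled.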


@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.13 Version: 2.1.13
Release: 32%{?dist} Release: 33%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -338,6 +338,9 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Tue Nov 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-33
- Fix semanage login -l to list contents of /etc/selinux/POLICY/logins directory
* Tue Nov 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-32 * Tue Nov 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-32
- Fix booleansPage not showing booleans - Fix booleansPage not showing booleans
- Fix audit2allow -b - Fix audit2allow -b