diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 83dd5ab..be7d512 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,88 +1,47 @@ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.5/scripts/genhomedircon ---- nsapolicycoreutils/scripts/genhomedircon 2006-01-05 10:35:49.000000000 -0500 -+++ policycoreutils-1.29.5/scripts/genhomedircon 2006-01-10 14:10:21.000000000 -0500 -@@ -144,7 +144,7 @@ - for i in fd.read().split('\n'): - if i.find("HOME_ROOT") == 0: - i=i.replace("HOME_ROOT", homedir) -- ret = i+"\n" -+ ret += i+"\n" - fd.close() - if ret=="": - errorExit("No Home Root Context Found") -@@ -162,9 +162,10 @@ - for idx in range(self.usize): - user = semanage_user_by_idx(self.ulist, idx) - if semanage_user_get_name(user) == name: -- #role=semanage_user_get_defrole(user) -- #return role -- return "user_r" -+ if name == "staff_u" or name == "root" and self.type != "targeted": -+ return "staff_r" -+ else: -+ return "user_r" - return name - def getOldRole(self, role): - rc=findval(self.selinuxdir+self.type+"/users/system.users", 'grep "^user %s"' % role, "=") -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/Makefile policycoreutils-1.29.5/semanage/Makefile ---- nsapolicycoreutils/semanage/Makefile 2005-11-29 10:55:01.000000000 -0500 -+++ policycoreutils-1.29.5/semanage/Makefile 2006-01-06 14:34:47.000000000 -0500 -@@ -2,6 +2,8 @@ - PREFIX ?= ${DESTDIR}/usr - SBINDIR ?= $(PREFIX)/sbin - MANDIR = $(PREFIX)/share/man -+PYLIBVER ?= python2.4 -+PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER) +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.7/semanage/semanage +--- nsapolicycoreutils/semanage/semanage 2006-01-13 09:47:40.000000000 -0500 ++++ policycoreutils-1.29.7/semanage/semanage 2006-01-14 01:50:09.000000000 -0500 +@@ -186,6 +186,7 @@ - TARGETS=semanage + if object == "fcontext": + OBJECT.add(target, setype, ftype, serange, seuser) ++ + sys.exit(0); + + if modify: +@@ -210,8 +211,13 @@ + if delete: + if object == "port": + OBJECT.delete(target, proto) ++ ++ if object == 
"fcontext": ++ OBJECT.delete(target, ftype) ++ + else: + OBJECT.delete(target) ++ + sys.exit(0); + usage() + +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.7/semanage/seobject.py +--- nsapolicycoreutils/semanage/seobject.py 2006-01-13 08:39:11.000000000 -0500 ++++ policycoreutils-1.29.7/semanage/seobject.py 2006-01-14 01:50:09.000000000 -0500 +@@ -46,7 +46,7 @@ -@@ -12,6 +14,8 @@ - -mkdir -p $(SBINDIR) - install -m 755 semanage $(SBINDIR) - install -m 644 semanage.8 $(MANDIR)/man8 -+ test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages -+ install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages - - clean: - -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.5/semanage/semanage ---- nsapolicycoreutils/semanage/semanage 2006-01-05 10:35:49.000000000 -0500 -+++ policycoreutils-1.29.5/semanage/semanage 2006-01-06 14:41:04.000000000 -0500 -@@ -20,345 +20,9 @@ - # 02111-1307 USA - # - # --import commands, sys, os, pwd, string, getopt, pwd --from semanage import *; --class loginRecords: -- def __init__(self): -- self.sh = semanage_handle_create() -- self.semanaged = semanage_is_managed(self.sh) -- if self.semanaged: -- semanage_connect(self.sh) -- -- def add(self, name, sename, serange): -- if serange == "": -- serange = "s0" -- if sename == "": -- sename = "user_u" -- -- (rc,k) = semanage_seuser_key_create(self.sh, name) -- if rc < 0: -- raise ValueError("Could not create a key for %s" % name) -- -- (rc,exists) = semanage_seuser_exists(self.sh, k) -- if exists: + (rc,exists) = semanage_seuser_exists(self.sh, k) + if exists: - raise ValueError("SELinux User %s mapping already defined" % name) -- try: -- pwd.getpwnam(name) -- except: -- raise ValueError("Linux User %s does not exist" % name) -- -- (rc,u) = semanage_seuser_create(self.sh) -- if rc < 0: ++ raise ValueError("Login mapping for %s is already defined" % name) + try: + 
pwd.getpwnam(name) + except: +@@ -54,40 +54,65 @@ + + (rc,u) = semanage_seuser_create(self.sh) + if rc < 0: - raise ValueError("Could not create seuser for %s" % name) -- ++ raise ValueError("Could not create login mapping for %s" % name) + - semanage_seuser_set_name(self.sh, u, name) - semanage_seuser_set_mlsrange(self.sh, u, serange) - semanage_seuser_set_sename(self.sh, u, sename) 
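Review bot: In the new inner hunk for the `semanage` script (`@@ -210,8 +211,13 @@`), the added `if object == "fcontext": OBJECT.delete(target, ftype)` is inserted between `if object == "port": OBJECT.delete(target, proto)` and the pre-existing `else: OBJECT.delete(target)`; indentation is lost in this view, but if the new `if` sits at the same level as the port check, the `else` now binds to the fcontext test, so a port delete also runs `OBJECT.delete(target)` afterwards, with the wrong arity for a port record, and fails only after the port change has already been committed. Making the chain `if object == "port": ... / elif object == "fcontext": ... / else: ...` keeps exactly one delete per invocation regardless of object type. The enclosing `if delete:` block of the `__main__` handler starts and ends outside this hunk. The seobject.py part of this hunk keeps the bare `except:` around `pwd.getpwnam(name)` as unchanged context; it is outside this change, but `except KeyError:` would avoid masking unrelated errors when that code is next touched.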
@@ -90,1135 +49,884 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy - semanage_seuser_add(self.sh, k, u) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add SELinux user mapping") -- -- def modify(self, name, sename = "", serange = ""): -- (rc,k) = semanage_seuser_key_create(self.sh, name) -- if rc < 0: -- raise ValueError("Could not create a key for %s" % name) -- ++ rc = semanage_seuser_set_name(self.sh, u, name) ++ if rc < 0: ++ raise ValueError("Could not set name for %s" % name) ++ ++ rc = semanage_seuser_set_mlsrange(self.sh, u, serange) ++ if rc < 0: ++ raise ValueError("Could not set MLS range for %s" % name) ++ ++ rc = semanage_seuser_set_sename(self.sh, u, sename) ++ if rc < 0: ++ raise ValueError("Could not set SELinux user for %s" % name) ++ ++ rc = semanage_begin_transaction(self.sh) ++ if rc < 0: ++ raise ValueError("Could not start semanage transaction") ++ ++ rc = semanage_seuser_modify(self.sh, k, u) ++ if rc < 0: ++ raise ValueError("Failed to add login mapping for %s" % name) ++ ++ rc = semanage_commit(self.sh) ++ if rc < 0: ++ raise ValueError("Failed to add login mapping for %s" % name) + + def modify(self, name, sename = "", serange = ""): ++ if sename == "" and serange == "": ++ raise ValueError("Requires seuser or serange") ++ + (rc,k) = semanage_seuser_key_create(self.sh, name) + if rc < 0: + raise ValueError("Could not create a key for %s" % name) + - if sename == "" and serange == "": - raise ValueError("Requires, seuser or serange") - -- (rc,exists) = semanage_seuser_exists(self.sh, k) + (rc,exists) = semanage_seuser_exists(self.sh, k) - if exists: - (rc,u) = semanage_seuser_query(self.sh, k) - if rc < 0: - raise ValueError("Could not query seuser for %s" % name) - else: - raise ValueError("SELinux user %s mapping is not defined." 
% name) -- -- if serange != "": -- semanage_seuser_set_mlsrange(self.sh, u, serange) -- if sename != "": -- semanage_seuser_set_sename(self.sh, u, sename) ++ if not exists: ++ raise ValueError("Login mapping for %s is not defined" % name) ++ ++ (rc,u) = semanage_seuser_query(self.sh, k) ++ if rc < 0: ++ raise ValueError("Could not query seuser for %s" % name) + + if serange != "": + semanage_seuser_set_mlsrange(self.sh, u, serange) + if sename != "": + semanage_seuser_set_sename(self.sh, u, sename) - semanage_begin_transaction(self.sh) -- semanage_seuser_modify(self.sh, k, u) +- semanage_seuser_modify_local(self.sh, k, u) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to modify SELinux user mapping") -- -- -- def delete(self, name): -- (rc,k) = semanage_seuser_key_create(self.sh, name) -- if rc < 0: -- raise ValueError("Could not create a key for %s" % name) -- -- (rc,exists) = semanage_seuser_exists(self.sh, k) -- if not exists: ++ ++ rc = semanage_begin_transaction(self.sh) ++ if rc < 0: ++ raise ValueError("Could not srart semanage transaction") ++ ++ rc = semanage_seuser_modify(self.sh, k, u) ++ if rc < 0: ++ raise ValueError("Failed to modify login mapping for %s" % name) ++ ++ rc = semanage_commit(self.sh) ++ if rc < 0: ++ raise ValueError("Failed to modify login mapping for %s" % name) ++ + def delete(self, name): + (rc,k) = semanage_seuser_key_create(self.sh, name) + if rc < 0: +@@ -95,15 +120,26 @@ + + (rc,exists) = semanage_seuser_exists(self.sh, k) + if not exists: - raise ValueError("SELinux user %s mapping is not defined." 
% name) - semanage_begin_transaction(self.sh) - semanage_seuser_del(self.sh, k) - if semanage_commit(self.sh) < 0: - raise ValueError("SELinux User %s mapping not defined" % name) -- -- def list(self,heading=1): -- if heading: -- print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range") ++ raise ValueError("Login mapping for %s is not defined" % name) ++ ++ rc = semanage_begin_transaction(self.sh) ++ if rc < 0: ++ raise ValueError("Could not start semanage transaction") ++ ++ rc = semanage_seuser_del(self.sh, k) ++ if rc < 0: ++ raise ValueError("Failed to delete login mapping for %s" % name) ++ ++ rc = semanage_commit(self.sh) ++ if rc < 0: ++ raise ValueError("Failed to delete login mapping for %s" % name) + + def get_all(self): + dict={} - (status, self.ulist, self.usize) = semanage_seuser_list(self.sh) -- for idx in range(self.usize): -- u = semanage_seuser_by_idx(self.ulist, idx) -- name = semanage_seuser_get_name(u) -- print "%-25s %-25s %-25s" % (name, semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u)) -- --class seluserRecords: -- def __init__(self): -- roles = [] -- self.sh = semanage_handle_create() -- self.semanaged = semanage_is_managed(self.sh) -- if self.semanaged: -- semanage_connect(self.sh) -- -- def add(self, name, roles, selevel, serange): -- if serange == "": -- serange = "s0" -- if selevel == "": -- selevel = "s0" -- -- (rc,k) = semanage_user_key_create(self.sh, name) -- if rc < 0: -- raise ValueError("Could not create a key for %s" % name) -- -- (rc,exists) = semanage_user_exists_local(self.sh, k) ++ (rc, self.ulist, self.usize) = semanage_seuser_list(self.sh) ++ if rc < 0: ++ raise ValueError("Could not list login mappings") ++ + for idx in range(self.usize): + u = semanage_seuser_by_idx(self.ulist, idx) + name = semanage_seuser_get_name(u) +@@ -134,40 +170,59 @@ + raise ValueError("Could not create a key for %s" % name) + + (rc,exists) = semanage_user_exists(self.sh, k) - if not exists: -- (rc,exists) = 
semanage_user_exists(self.sh, k) -- if not exists: -- raise ValueError("SELinux user %s is already defined." % name) -- -- (rc,u) = semanage_user_create(self.sh) -- if rc < 0: +- raise ValueError("SELinux user %s is already defined." % name) ++ if exists: ++ raise ValueError("SELinux user %s is already defined" % name) + + (rc,u) = semanage_user_create(self.sh) + if rc < 0: - raise ValueError("Could not create login mapping for %s" % name) -- ++ raise ValueError("Could not create SELinux user for %s" % name) ++ ++ rc = semanage_user_set_name(self.sh, u, name) ++ if rc < 0: ++ raise ValueError("Could not set name for %s" % name) + - semanage_user_set_name(self.sh, u, name) -- for r in roles: + for r in roles: - semanage_user_add_role(self.sh, u, r) - semanage_user_set_mlsrange(self.sh, u, serange) - semanage_user_set_mlslevel(self.sh, u, selevel) -- (rc,key) = semanage_user_key_extract(self.sh,u) -- if rc < 0: -- raise ValueError("Could not extract key for %s" % name) -- ++ rc = semanage_user_add_role(self.sh, u, r) ++ if rc < 0: ++ raise ValueError("Could not add role %s for %s" % (r, name)) ++ ++ rc = semanage_user_set_mlsrange(self.sh, u, serange) ++ if rc < 0: ++ raise ValueError("Could not set MLS range for %s" % name) ++ ++ rc = semanage_user_set_mlslevel(self.sh, u, selevel) ++ if rc < 0: ++ raise ValueError("Could not set MLS level for %s" % name) ++ + (rc,key) = semanage_user_key_extract(self.sh,u) + if rc < 0: + raise ValueError("Could not extract key for %s" % name) + - semanage_begin_transaction(self.sh) -- semanage_user_add_local(self.sh, k, u) +- semanage_user_modify_local(self.sh, k, u) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add SELinux user") -- -- def modify(self, name, roles = [], selevel = "", serange = ""): -- if len(roles) == 0 and serange == "" and selevel == "": ++ rc = semanage_begin_transaction(self.sh) ++ if rc < 0: ++ raise ValueError("Could not start semanage transaction") ++ ++ rc = 
semanage_user_modify_local(self.sh, k, u) ++ if rc < 0: ++ raise ValueError("Failed to add SELinux user %s" % name) ++ ++ rc = semanage_commit(self.sh) ++ if rc < 0: ++ raise ValueError("Failed to add SELinux user %s" % name) + + def modify(self, name, roles = [], selevel = "", serange = ""): + if len(roles) == 0 and serange == "" and selevel == "": - raise ValueError("Requires, roles, level or range") -- -- (rc,k) = semanage_user_key_create(self.sh, name) -- if rc < 0: -- raise ValueError("Could not create a key for %s" % name) -- -- (rc,exists) = semanage_user_exists_local(self.sh, k) ++ raise ValueError("Requires roles, level or range") + + (rc,k) = semanage_user_key_create(self.sh, name) + if rc < 0: + raise ValueError("Could not create a key for %s" % name) + + (rc,exists) = semanage_user_exists(self.sh, k) - if exists: -- (rc,u) = semanage_user_query_local(self.sh, k) +- (rc,u) = semanage_user_query(self.sh, k) - else: -- (rc,exists) = semanage_user_exists(self.sh, k) -- if exists: -- (rc,u) = semanage_user_query(self.sh, k) -- else: -- raise ValueError("SELinux user %s mapping is not defined." % name) -- if rc < 0: -- raise ValueError("Could not query user for %s" % name) -- -- if serange != "": -- semanage_user_set_mlsrange(self.sh, u, serange) -- if selevel != "": -- semanage_user_set_mlslevel(self.sh, u, selevel) -- if len(roles) < 0: -- for r in roles: -- semanage_user_add_role(self.sh, u, r) +- raise ValueError("SELinux user %s mapping is not defined locally." 
% name) ++ if not exists: ++ raise ValueError("SELinux user %s is not defined" % name) ++ ++ (rc,u) = semanage_user_query(self.sh, k) + if rc < 0: + raise ValueError("Could not query user for %s" % name) + +@@ -178,35 +233,57 @@ + if len(roles) != 0: + for r in roles: + semanage_user_add_role(self.sh, u, r) - semanage_begin_transaction(self.sh) - semanage_user_modify_local(self.sh, k, u) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to modify SELinux user") -- -- def delete(self, name): -- (rc,k) = semanage_user_key_create(self.sh, name) -- if rc < 0: ++ ++ rc = semanage_begin_transaction(self.sh) ++ if rc < 0: ++ raise ValueError("Could not start semanage transaction") ++ ++ rc = semanage_user_modify_local(self.sh, k, u) ++ if rc < 0: ++ raise ValueError("Failed to modify SELinux user %s" % name) ++ ++ rc = semanage_commit(self.sh) ++ if rc < 0: ++ raise ValueError("Failed to modify SELinux user %s" % name) + + def delete(self, name): + (rc,k) = semanage_user_key_create(self.sh, name) + if rc < 0: - raise ValueError("Could not crpppeate a key for %s" % name) -- -- (rc,exists) = semanage_user_exists_local(self.sh, k) -- if not exists: ++ raise ValueError("Could not create a key for %s" % name) ++ + (rc,exists) = semanage_user_exists(self.sh, k) + if not exists: - raise ValueError("user %s is not defined" % name) +- else: +- (rc,exists) = semanage_user_exists_local(self.sh, k) +- if not exists: +- raise ValueError("user %s is not defined locally, can not delete " % name) +- - semanage_begin_transaction(self.sh) - semanage_user_del_local(self.sh, k) - if semanage_commit(self.sh) < 0: - raise ValueError("Login User %s not defined" % name) -- -- def list(self, heading=1): -- if heading: -- print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/") -- print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles") ++ raise ValueError("SELinux user %s is not defined" % name) ++ ++ (rc,exists) = semanage_user_exists_local(self.sh, 
k) ++ if not exists: ++ raise ValueError("SELinux user %s is defined in policy, cannot be deleted" % name) ++ ++ rc = semanage_begin_transaction(self.sh) ++ if rc < 0: ++ raise ValueError("Could not start semanage transaction") ++ ++ rc = semanage_user_del_local(self.sh, k) ++ if rc < 0: ++ raise ValueError("Failed to delete SELinux user %s" % name) ++ ++ rc = semanage_commit(self.sh) ++ if rc < 0: ++ raise ValueError("Failed to delete SELinux user %s" % name) + + def get_all(self): + dict={} - (status, self.ulist, self.usize) = semanage_user_list(self.sh) -- for idx in range(self.usize): -- u = semanage_user_by_idx(self.ulist, idx) -- name = semanage_user_get_name(u) ++ (rc, self.ulist, self.usize) = semanage_user_list(self.sh) ++ if rc < 0: ++ raise ValueError("Could not list SELinux users") ++ + for idx in range(self.usize): + u = semanage_user_by_idx(self.ulist, idx) + name = semanage_user_get_name(u) - (status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u) -- roles = "" -- -- if rlist_size: -- roles += char_by_idx(rlist, 0) -- for ridx in range (1,rlist_size): -- roles += " " + char_by_idx(rlist, ridx) -- print "%-15s %-10s %-15s %s" % (semanage_user_get_name(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles) -- --class portRecords: -- def __init__(self): -- self.sh = semanage_handle_create() -- self.semanaged = semanage_is_managed(self.sh) -- if self.semanaged: -- semanage_connect(self.sh) -- -- def __genkey(self, port, proto): -- if proto == "tcp": -- proto_d=SEMANAGE_PROTO_TCP -- else: -- if proto == "udp": -- proto_d=SEMANAGE_PROTO_UDP -- else: -- raise ValueError("Protocol udp or tcp is required") -- if port == "": -- raise ValueError("Port is required") -- -- ports=port.split("-") -- if len(ports) == 1: -- low=string.atoi(ports[0]) -- high=string.atoi(ports[0]) -- else: -- low=string.atoi(ports[0]) -- high=string.atoi(ports[1]) -- -- (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d) -- if rc < 0: -- raise 
ValueError("Could not create a key for %s/%s" % (proto, port)) -- return ( k, proto_d, low, high ) -- -- def add(self, port, proto, serange, type): -- if serange == "": -- serange="s0" -- -- if type == "": -- raise ValueError("Type is required") -- -- ( k, proto_d, low, high ) = self.__genkey(port, proto) -- -- (rc,exists) = semanage_port_exists(self.sh, k) -- if exists: -- raise ValueError("Port %s/%s already defined" % (proto, port)) -- -- (rc,exists) = semanage_port_exists_local(self.sh, k) -- if exists: -- raise ValueError("Port %s/%s already defined locally" % (proto, port)) -- -- (rc,p) = semanage_port_create(self.sh) -- if rc < 0: -- raise ValueError("Could not create port for %s/%s" % (proto, port)) -- -- semanage_port_set_proto(p, proto_d) -- semanage_port_set_range(p, low, high) -- (rc, con) = semanage_context_create(self.sh) -- if rc < 0: -- raise ValueError("Could not create context for %s/%s" % (proto, port)) -- ++ (rc, rlist, rlist_size) = semanage_user_get_roles(self.sh, u) ++ if rc < 0: ++ raise ValueError("Could not list roles for user %s" % name) ++ + roles = "" + + if rlist_size: +@@ -278,62 +355,97 @@ + if rc < 0: + raise ValueError("Could not create context for %s/%s" % (proto, port)) + - semanage_context_set_user(self.sh, con, "system_u") - semanage_context_set_role(self.sh, con, "object_r") - semanage_context_set_type(self.sh, con, type) - semanage_context_set_mls(self.sh, con, serange) -- semanage_port_set_con(p, con) - semanage_begin_transaction(self.sh) -- semanage_port_add_local(self.sh, k, p) ++ rc = semanage_context_set_user(self.sh, con, "system_u") ++ if rc < 0: ++ raise ValueError("Could not set user in port context for %s/%s" % (proto, port)) ++ ++ rc = semanage_context_set_role(self.sh, con, "object_r") ++ if rc < 0: ++ raise ValueError("Could not set role in port context for %s/%s" % (proto, port)) ++ ++ rc = semanage_context_set_type(self.sh, con, type) ++ if rc < 0: ++ raise ValueError("Could not set type in port context for 
%s/%s" % (proto, port)) ++ ++ rc = semanage_context_set_mls(self.sh, con, serange) ++ if rc < 0: ++ raise ValueError("Could not set mls fields in port context for %s/%s" % (proto, port)) ++ + semanage_port_set_con(p, con) +- semanage_port_modify_local(self.sh, k, p) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add port") -- -- def modify(self, port, proto, serange, setype): -- if serange == "" and setype == "": -- raise ValueError("Requires, setype or serange") -- -- ( k, proto_d, low, high ) = self.__genkey(port, proto) -- -- (rc,exists) = semanage_port_exists_local(self.sh, k) -- if exists: -- (rc,p) = semanage_port_query_local(self.sh, k) -- (rc,exists) = semanage_port_exists(self.sh, k) -- if exists: -- (rc,p) = semanage_port_query(self.sh, k) -- else: -- raise ValueError("port %s/%s is not defined." % (proto,port)) -+import sys, getopt -+import seobject ++ ++ rc = semanage_begin_transaction(self.sh) ++ if rc < 0: ++ raise ValueError("Could not start semanage transaction") ++ ++ rc = semanage_port_modify_local(self.sh, k, p) ++ if rc < 0: ++ raise ValueError("Failed to add port %s/%s" % (proto, port)) ++ ++ rc = semanage_commit(self.sh) ++ if rc < 0: ++ raise ValueError("Failed to add port %s/%s" % (proto, port)) -- if rc < 0: -- raise ValueError("Could not query port for %s/%s" % (proto, port)) + def modify(self, port, proto, serange, setype): + if serange == "" and setype == "": +- raise ValueError("Requires, setype or serange") ++ raise ValueError("Requires setype or serange") + + ( k, proto_d, low, high ) = self.__genkey(port, proto) + + (rc,exists) = semanage_port_exists(self.sh, k) +- if exists: +- (rc,p) = semanage_port_query(self.sh, k) +- else: +- raise ValueError("port %s/%s is not defined." 
% (proto,port)) - -- con = semanage_port_get_con(p) -- semanage_context_set_mls(self.sh, con, serange) -- if serange != "": -- semanage_context_set_mls(self.sh, con, serange) -- if setype != "": -- semanage_context_set_type(self.sh, con, setype) -- semanage_port_set_con(p, con) ++ if not exists: ++ raise ValueError("Port %s/%s is not defined" % (proto,port)) ++ ++ (rc,p) = semanage_port_query(self.sh, k) + if rc < 0: +- raise ValueError("Could not query port for %s/%s" % (proto, port)) ++ raise ValueError("Could not query port %s/%s" % (proto, port)) + + con = semanage_port_get_con(p) +- if rc < 0: +- raise ValueError("Could not get port context for %s/%s" % (proto, port)) + + if serange != "": + semanage_context_set_mls(self.sh, con, serange) + if setype != "": + semanage_context_set_type(self.sh, con, setype) - semanage_begin_transaction(self.sh) - semanage_port_modify_local(self.sh, k, p) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add port") -- -- def delete(self, port, proto): -- ( k, proto_d, low, high ) = self.__genkey(port, proto) -- (rc,exists) = semanage_port_exists_local(self.sh, k) -- if not exists: -- raise ValueError("port %s/%s is not defined localy." % (proto,port)) ++ ++ rc = semanage_begin_transaction(self.sh) ++ if rc < 0: ++ raise ValueError("Could not start semanage transaction") ++ ++ rc = semanage_port_modify_local(self.sh, k, p) ++ if rc < 0: ++ raise ValueError("Failed to modify port %s/%s" % (proto, port)) ++ ++ rc = semanage_commit(self.sh) ++ if rc < 0: ++ raise ValueError("Failed to add port %s/%s" % (proto, port)) + + def delete(self, port, proto): + ( k, proto_d, low, high ) = self.__genkey(port, proto) + (rc,exists) = semanage_port_exists(self.sh, k) + if not exists: +- raise ValueError("port %s/%s is not defined." % (proto,port)) +- else: +- (rc,exists) = semanage_port_exists_local(self.sh, k) +- if not exists: +- raise ValueError("port %s/%s is not defined localy, can not be deleted." 
% (proto,port)) - - semanage_begin_transaction(self.sh) - semanage_port_del_local(self.sh, k) - if semanage_commit(self.sh) < 0: - raise ValueError("Port %s/%s not defined" % (proto,port)) -- -- def list(self, heading=1): -- (status, self.plist, self.psize) = semanage_port_list(self.sh) -- if heading: -- print "%-30s %-8s %s\n" % ("SELinux Port Name", "Proto", "Port Number") -- dict={} -- for idx in range(self.psize): -- u = semanage_port_by_idx(self.plist, idx) -- con = semanage_port_get_con(u) -- name = semanage_context_get_type(con) -- proto=semanage_port_get_proto_str(u) -- low=semanage_port_get_low(u) -- high = semanage_port_get_high(u) -- if (name, proto) not in dict.keys(): -- dict[(name,proto)]=[] -- if low == high: -- dict[(name,proto)].append("%d" % low) -- else: -- dict[(name,proto)].append("%d-%d" % (low, high)) -- (status, self.plist, self.psize) = semanage_port_list_local(self.sh) -- for idx in range(self.psize): -- u = semanage_port_by_idx(self.plist, idx) -- con = semanage_port_get_con(u) -- name = semanage_context_get_type(con) -- proto=semanage_port_get_proto_str(u) -- low=semanage_port_get_low(u) -- high = semanage_port_get_high(u) -- if (name, proto) not in dict.keys(): -- dict[(name,proto)]=[] -- if low == high: -- dict[(name,proto)].append("%d" % low) -- else: -- dict[(name,proto)].append("%d-%d" % (low, high)) -- for i in dict.keys(): -- rec = "%-30s %-8s " % i -- rec += "%s" % dict[i][0] -- for p in dict[i][1:]: -- rec += ", %s" % p -- print rec -- - if __name__ == '__main__': - - def usage(message = ""): -@@ -366,8 +30,11 @@ - semanage user [-admsRrh] SELINUX_USER\n\ - semanage login [-admsrh] LOGIN_NAME\n\ - semanage port [-admth] PORT | PORTRANGE\n\ -+semanage interface [-admth] INTERFACE\n\ -+semanage fcontext [-admhfst] INTERFACE\n\ - -a, --add Add a OBJECT record NAME\n\ - -d, --delete Delete a OBJECT record NAME\n\ -+ -f, --ftype File Type of OBJECT \n\ - -h, --help display this message\n\ - -l, --list List the OBJECTS\n\ - -n, 
--noheading Do not print heading when listing OBJECTS\n\ -@@ -391,7 +58,7 @@ - # - # - try: -- objectlist = ("login", "user", "port") -+ objectlist = ("login", "user", "port", "interface", "fcontext") - input = sys.stdin - output = sys.stdout - serange = "" -@@ -399,6 +66,7 @@ - proto = "" - selevel = "" - setype = "" -+ ftype = "" - roles = "" - seuser = "" - heading=1 -@@ -416,9 +84,10 @@ - - args = sys.argv[2:] - gopts, cmds = getopt.getopt(args, -- 'adlhmnp:P:s:R:r:t:v', -+ 'adf:lhmnp:P:s:R:r:t:v', - ['add', - 'delete', -+ 'ftype=', - 'help', - 'list', - 'modify', -@@ -441,6 +110,8 @@ - if modify or add: - usage() - delete = 1 -+ if o == "-f" or o == "--ftype": -+ ftype=a - if o == "-h" or o == "--help": - usage() - -@@ -474,13 +145,19 @@ - verbose = 1 - - if object == "login": -- OBJECT = loginRecords() -+ OBJECT = seobject.loginRecords() - - if object == "user": -- OBJECT = seluserRecords() -+ OBJECT = seobject.seluserRecords() - - if object == "port": -- OBJECT = portRecords() -+ OBJECT = seobject.portRecords() ++ raise ValueError("Port %s/%s is not defined" % (proto, port)) + -+ if object == "interface": -+ OBJECT = seobject.interfaceRecords() -+ -+ if object == "fcontext": -+ OBJECT = seobject.fcontextRecords() ++ (rc,exists) = semanage_port_exists_local(self.sh, k) ++ if not exists: ++ raise ValueError("Port %s/%s is defined in policy, cannot be deleted" % (proto, port)) ++ ++ rc = semanage_begin_transaction(self.sh) ++ if rc < 0: ++ raise ValueError("Could not start semanage transaction") ++ ++ rc = semanage_port_del_local(self.sh, k) ++ if rc < 0: ++ raise ValueError("Could not delete port %s/%s" % (proto, port)) ++ ++ rc = semanage_commit(self.sh) ++ if rc < 0: ++ raise ValueError("Could not delete port %s/%s" % (proto, port)) - if list: - OBJECT.list(heading) -@@ -504,6 +181,11 @@ - if object == "port": - OBJECT.add(target, proto, serange, setype) - -+ if object == "interface": -+ OBJECT.add(target, serange, setype) + def get_all(self): + dict={} +- 
(status, self.plist, self.psize) = semanage_port_list(self.sh) ++ (rc, self.plist, self.psize) = semanage_port_list(self.sh) ++ if rc < 0: ++ raise ValueError("Could not list ports") + -+ if object == "fcontext": -+ OBJECT.add(target, setype, ftype, serange, seuser) - sys.exit(0); + for idx in range(self.psize): + u = semanage_port_by_idx(self.plist, idx) + con = semanage_port_get_con(u) +@@ -375,83 +487,122 @@ + + (rc,k) = semanage_iface_key_create(self.sh, interface) + if rc < 0: +- raise ValueError("Can't create key for %s" % interface) ++ raise ValueError("Could not create key for %s" % interface) ++ + (rc,exists) = semanage_iface_exists(self.sh, k) + if exists: + raise ValueError("Interface %s already defined" % interface) + + (rc,iface) = semanage_iface_create(self.sh) + if rc < 0: +- raise ValueError("Could not create interface for %s" % (interface)) ++ raise ValueError("Could not create interface for %s" % interface) + + rc = semanage_iface_set_name(self.sh, iface, interface) + (rc, con) = semanage_context_create(self.sh) + if rc < 0: + raise ValueError("Could not create context for %s" % interface) + +- semanage_context_set_user(self.sh, con, "system_u") +- semanage_context_set_role(self.sh, con, "object_r") +- semanage_context_set_type(self.sh, con, type) +- semanage_context_set_mls(self.sh, con, serange) +- semanage_begin_transaction(self.sh) ++ rc = semanage_context_set_user(self.sh, con, "system_u") ++ if rc < 0: ++ raise ValueError("Could not set user in interface context for %s" % interface) ++ ++ rc = semanage_context_set_role(self.sh, con, "object_r") ++ if rc < 0: ++ raise ValueError("Could not set role in interface context for %s" % interface) ++ ++ rc = semanage_context_set_type(self.sh, con, type) ++ if rc < 0: ++ raise ValueError("Could not set type in interface context for %s" % interface) ++ ++ rc = semanage_context_set_mls(self.sh, con, serange) ++ if rc < 0: ++ raise ValueError("Could not set mls fields in interface context for %s" % 
interface) ++ ++ (rc, con2) = semanage_context_clone(self.sh, con) ++ if rc < 0: ++ raise ValueError("Could not clone interface context for %s" % interface) ++ + semanage_iface_set_ifcon(iface, con) +- semanage_iface_set_msgcon(iface, con) +- semanage_iface_add_local(self.sh, k, iface) +- if semanage_commit(self.sh) < 0: +- raise ValueError("Failed to add interface") ++ semanage_iface_set_msgcon(iface, con2) ++ ++ rc = semanage_begin_transaction(self.sh) ++ if rc < 0: ++ raise ValueError("Could not start semanage transaction") ++ ++ rc = semanage_iface_modify_local(self.sh, k, iface) ++ if rc < 0: ++ raise ValueError("Failed to add interface %s" % interface) ++ ++ rc = semanage_commit(self.sh) ++ if rc < 0: ++ raise ValueError("Failed to add interface %s" % interface) + + def modify(self, interface, serange, setype): + if serange == "" and setype == "": +- raise ValueError("Requires, setype or serange") ++ raise ValueError("Requires setype or serange") + + (rc,k) = semanage_iface_key_create(self.sh, interface) + if rc < 0: +- raise ValueError("Can't creater key for %s" % interface) +- (rc,exists) = semanage_iface_exists(self.sh, k) +- if exists: +- (rc,p) = semanage_iface_query(self.sh, k) +- else: +- raise ValueError("interface %s is not defined." 
% interface) ++ raise ValueError("Could not create key for %s" % interface) + ++ (rc,exists) = semanage_iface_exists(self.sh, k) ++ if not exists: ++ raise ValueError("Interface %s is not defined" % interface) ++ ++ (rc,p) = semanage_iface_query(self.sh, k) + if rc < 0: +- raise ValueError("Could not query interface for %s" % interface) ++ raise ValueError("Could not query interface %s" % interface) + + con = semanage_iface_get_ifcon(p) +- if rc < 0: +- raise ValueError("Could not get interface context for %s" % interface) - if modify: -@@ -516,7 +198,13 @@ + if serange != "": + semanage_context_set_mls(self.sh, con, serange) + if setype != "": + semanage_context_set_type(self.sh, con, setype) - if object == "port": - OBJECT.modify(target, proto, serange, setype) -- sys.exit(0); +- semanage_begin_transaction(self.sh) +- semanage_iface_modify_local(self.sh, k, p) +- if semanage_commit(self.sh) < 0: +- raise ValueError("Failed to add interface") ++ rc = semanage_begin_transaction(self.sh) ++ if rc < 0: ++ raise ValueError("Could not start semanage transaction") + -+ if object == "interface": -+ OBJECT.modify(target, serange, setype) ++ rc = semanage_iface_modify_local(self.sh, k, p) ++ if rc < 0: ++ raise ValueError("Failed to modify interface %s" % interface) + ++ rc = semanage_commit(self.sh) ++ if rc < 0: ++ raise ValueError("Failed to add interface %s" % interface) + -+ if object == "fcontext": -+ OBJECT.modify(target, setype, ftype, serange, seuser) + def delete(self, interface): + (rc,k) = semanage_iface_key_create(self.sh, interface) + if rc < 0: +- raise ValueError("Can't create key for %s" % interface) ++ raise ValueError("Could not create key for %s" % interface) + - sys.exit(0); + (rc,exists) = semanage_iface_exists(self.sh, k) + if not exists: +- raise ValueError("interface %s is not defined." 
% interface)
+- else:
+- (rc,exists) = semanage_iface_exists_local(self.sh, k)
+- if not exists:
+- raise ValueError("interface %s is not defined localy, can not be deleted." % interface)
+-
+- semanage_begin_transaction(self.sh)
+- semanage_iface_del_local(self.sh, k)
+- if semanage_commit(self.sh) < 0:
+- raise ValueError("Interface %s not defined" % interface)
++ raise ValueError("Interface %s is not defined" % interface)
++
++ (rc,exists) = semanage_iface_exists_local(self.sh, k)
++ if not exists:
++ raise ValueError("Interface %s is defined in policy, cannot be deleted" % interface)
++
++ rc = semanage_begin_transaction(self.sh)
++ if rc < 0:
++ raise ValueError("Could not start semanage transaction")
++
++ rc = semanage_iface_del_local(self.sh, k)
++ if rc < 0:
++ raise ValueError("Failed to delete interface %s" % interface)
++
++ rc = semanage_commit(self.sh)
++ if rc < 0:
++ raise ValueError("Failed to delete interface %s" % interface)
+
+ def get_all(self):
+ dict={}
+- (status, self.plist, self.psize) = semanage_iface_list(self.sh)
+- if status < 0:
+- raise ValueError("Unable to list interfaces")
++ (rc, self.plist, self.psize) = semanage_iface_list(self.sh)
++ if rc < 0:
++ raise ValueError("Could not list interfaces")
++
+ for idx in range(self.psize):
+ interface = semanage_iface_by_idx(self.plist, idx)
+ con = semanage_iface_get_ifcon(interface)
+@@ -501,48 +652,69 @@
- if delete:
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.5/semanage/seobject.py
---- nsapolicycoreutils/semanage/seobject.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.29.5/semanage/seobject.py 2006-01-06 14:30:39.000000000 -0500
-@@ -0,0 +1,722 @@
-+#!
/usr/bin/env python
-+# Copyright (C) 2005 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# semanage is a tool for managing SELinux configuration files
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
+ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+ if rc < 0:
+- raise ValueError("Can't create key for %s" % target)
++ raise ValueError("Could not create key for %s" % target)
+
-+import pwd, string
-+from semanage import *;
-+class semanageRecords:
-+ def __init__(self):
-+ self.sh = semanage_handle_create()
-+ self.semanaged = semanage_is_managed(self.sh)
-+ if self.semanaged:
-+ semanage_connect(self.sh)
+ (rc,exists) = semanage_fcontext_exists(self.sh, k)
+- print (rc, exists, target)
+ if exists:
+- raise ValueError("fcontext %s already defined" % target)
++ raise ValueError("File context for %s already defined" % target)
+
-+class loginRecords(semanageRecords):
-+ def __init__(self):
-+ semanageRecords.__init__(self)
-+
-+ def add(self, name, sename, serange):
-+ if serange == "":
-+ serange = "s0"
-+ if sename == "":
-+ sename = "user_u"
-+
-+ (rc,k) = semanage_seuser_key_create(self.sh, name)
+ (rc,fcontext) = semanage_fcontext_create(self.sh)
+ if rc < 0:
+- raise ValueError("Could not create fcontext for %s" % target)
++
raise ValueError("Could not create file context for %s" % target)
+
+ rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
+ (rc, con) = semanage_context_create(self.sh)
+ if rc < 0:
+ raise ValueError("Could not create context for %s" % target)
+
+- semanage_context_set_user(self.sh, con, seuser)
+- semanage_context_set_role(self.sh, con, "object_r")
+- semanage_context_set_type(self.sh, con, type)
+- semanage_context_set_mls(self.sh, con, serange)
++ rc = semanage_context_set_user(self.sh, con, seuser)
+ if rc < 0:
++ raise ValueError("Could not set user in file context for %s" % target)
++
++ rc = semanage_context_set_role(self.sh, con, "object_r")
++ if rc < 0:
++ raise ValueError("Could not set role in file context for %s" % target)
++
++ rc = semanage_context_set_type(self.sh, con, type)
++ if rc < 0:
++ raise ValueError("Could not set type in file context for %s" % target)
++
++ rc = semanage_context_set_mls(self.sh, con, serange)
++ if rc < 0:
++ raise ValueError("Could not set mls fields in file context for %s" % target)
++
+ semanage_fcontext_set_type(fcontext, self.file_types[ftype])
+- semanage_begin_transaction(self.sh)
+ semanage_fcontext_set_con(fcontext, con)
+- semanage_fcontext_add_local(self.sh, k, fcontext)
+- if semanage_commit(self.sh) < 0:
+- raise ValueError("Failed to add fcontext")
++
++ rc = semanage_begin_transaction(self.sh)
++ if rc < 0:
++ raise ValueError("Could not start semanage transaction")
++
++ rc = semanage_fcontext_modify_local(self.sh, k, fcontext)
++ if rc < 0:
++ raise ValueError("Failed to add file context for %s" % target)
++
++ rc = semanage_commit(self.sh)
++ if rc < 0:
++ raise ValueError("Failed to add file context for %s" % target)
+
+ def modify(self, target, setype, ftype, serange, seuser):
+ if serange == "" and setype == "" and seuser == "":
+- raise ValueError("Requires, setype, serange or seuser")
++ raise ValueError("Requires setype, serange or seuser")
+
+ (rc,k) = semanage_fcontext_key_create(self.sh,
target, self.file_types[ftype])
+ if rc < 0:
+- raise ValueError("Can't creater key for %s" % target)
++ raise ValueError("Could not create a key for %s" % target)
++
+ (rc,exists) = semanage_fcontext_exists(self.sh, k)
+- if exists:
+- (rc,p) = semanage_fcontext_query(self.sh, k)
+- else:
+- raise ValueError("fcontext %s is not defined." % target)
++ if not exists:
++ raise ValueError("File context for %s is not defined" % target)
++
++ (rc,p) = semanage_fcontext_query(self.sh, k)
+ if rc < 0:
+- raise ValueError("Could not query fcontext for %s" % target)
++ raise ValueError("Could not query file context for %s" % target)
++
+ con = semanage_fcontext_get_con(p)
+- if rc < 0:
+- raise ValueError("Could not get fcontext context for %s" % target)
+
+ if serange != "":
+ semanage_context_set_mls(self.sh, con, serange)
+@@ -551,33 +723,48 @@
+ if setype != "":
+ semanage_context_set_type(self.sh, con, setype)
+
+- semanage_begin_transaction(self.sh)
+- semanage_fcontext_modify_local(self.sh, k, p)
+- if semanage_commit(self.sh) < 0:
+- raise ValueError("Failed to add fcontext")
++ rc = semanage_begin_transaction(self.sh)
++ if rc < 0:
++ raise ValueError("Could not start semanage transaction")
++
++ rc = semanage_fcontext_modify_local(self.sh, k, p)
++ if rc < 0:
++ raise ValueError("Failed to modify file context for %s" % target)
++
++ rc = semanage_commit(self.sh)
++ if rc < 0:
++ raise ValueError("Failed to add file context for %s" % target)
+
+- def delete(self, target):
++ def delete(self, target, ftype):
+ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+ if rc < 0:
+- raise ValueError("Can't create key for %s" % target)
++ raise ValueError("Could not create a key for %s" % target)
++
+ (rc,exists) = semanage_fcontext_exists(self.sh, k)
+ if not exists:
+- raise ValueError("fcontext %s is not defined."
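Review bot: In fcontextRecords.add the return value of `rc = semanage_fcontext_set_expr(self.sh, fcontext, target)` is assigned and then immediately overwritten by `(rc, con) = semanage_context_create(self.sh)` without ever being tested, and the later `semanage_fcontext_set_type(...)` and `semanage_fcontext_set_con(fcontext, con)` calls likewise discard their results, even though this hunk adds an rc check to every libsemanage call around them. A failing set_expr would presumably leave the record without its path expression yet still reach the commit that follows. The check the hunk uses elsewhere fits here: `rc = semanage_fcontext_set_expr(self.sh, fcontext, target)` followed by `if rc < 0: raise ValueError("Could not set expression for file context %s" % target)`, and set_type and set_con can be guarded the same way. The def line of fcontextRecords.add sits above this hunk, so its start is outside the hunk.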
% target)
+- else:
+- (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
+- if not exists:
+- raise ValueError("fcontext %s is not defined localy, can not be deleted." % target)
+-
+- semanage_begin_transaction(self.sh)
+- semanage_fcontext_del_local(self.sh, k)
+- if semanage_commit(self.sh) < 0:
+- raise ValueError("fcontext %s not defined" % target)
++ raise ValueError("File context for %s is not defined" % target)
++
++ (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
++ if not exists:
++ raise ValueError("File context for %s is defined in policy, cannot be deleted" % target)
++
++ rc = semanage_begin_transaction(self.sh)
++ if rc < 0:
++ raise ValueError("Could not start semanage transaction")
++
++ rc = semanage_fcontext_del_local(self.sh, k)
++ if rc < 0:
++ raise ValueError("Failed to delete file context for %s" % target)
++
++ rc = semanage_commit(self.sh)
++ if rc < 0:
++ raise ValueError("Failed to delete file context for %s" % target)
+
+ def get_all(self):
+ dict={}
+- (status, self.plist, self.psize) = semanage_fcontext_list(self.sh)
+- if status < 0:
+- raise ValueError("Unable to list fcontexts")
++ (rc, self.plist, self.psize) = semanage_fcontext_list(self.sh)
++ if rc < 0:
++ raise ValueError("Could not list file contexts")
+
+ for idx in range(self.psize):
+ fcontext = semanage_fcontext_by_idx(self.plist, idx)
+@@ -606,117 +793,82 @@
+ def __init__(self):
+ semanageRecords.__init__(self)
+
+- def add(self, target, type, ftype="", serange="s0", seuser="system_u"):
+- if seuser == "":
+- seuser="system_u"
+-
+- if serange == "":
+- serange="s0"
+-
+- if type == "":
+- raise ValueError("SELinux Type is required")
++ def modify(self, name, value = ""):
++ if value == "":
++ raise ValueError("Requires value")
+
+- (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+- if rc < 0:
+- raise ValueError("Can't create key for %s" % target)
+- (rc,exists) = semanage_fcontext_exists(self.sh, k)
+- print (rc, exists,
target)
+- if exists:
+- raise ValueError("fcontext %s already defined" % target)
+- (rc,fcontext) = semanage_fcontext_create(self.sh)
++ (rc,k) = semanage_bool_key_create(self.sh, name)
+ if rc < 0:
+- raise ValueError("Could not create fcontext for %s" % target)
+-
+- rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
+- (rc, con) = semanage_context_create(self.sh)
+- if rc < 0:
+- raise ValueError("Could not create context for %s" % target)
+-
+- semanage_context_set_user(self.sh, con, seuser)
+- semanage_context_set_role(self.sh, con, "object_r")
+- semanage_context_set_type(self.sh, con, type)
+- semanage_context_set_mls(self.sh, con, serange)
+- semanage_fcontext_set_type(fcontext, self.file_types[ftype])
+- semanage_begin_transaction(self.sh)
+- semanage_fcontext_set_con(fcontext, con)
+- semanage_fcontext_add_local(self.sh, k, fcontext)
+- if semanage_commit(self.sh) < 0:
+- raise ValueError("Failed to add fcontext")
+ raise ValueError("Could not create a key for %s" % name)
+
+- def modify(self, target, setype, ftype, serange, seuser):
+- if serange == "" and setype == "" and seuser == "":
+- raise ValueError("Requires, setype, serange or seuser")
++ (rc,exists) = semanage_bool_exists(self.sh, k)
++ if not exists:
++ raise ValueError("Boolean %s is not defined" % name)
+
+- (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
++ (rc,b) = semanage_bool_query(self.sh, k)
+ if rc < 0:
+- raise ValueError("Can't creater key for %s" % target)
+- (rc,exists) = semanage_fcontext_exists(self.sh, k)
+- if exists:
+- (rc,p) = semanage_fcontext_query(self.sh, k)
+- else:
+- raise ValueError("fcontext %s is not defined."
% target)
++ raise ValueError("Could not query file context %s" % name)
+
-+ (rc,exists) = semanage_seuser_exists(self.sh, k)
-+ if exists:
-+ raise ValueError("SELinux User %s mapping already defined" % name)
-+ try:
-+ pwd.getpwnam(name)
-+ except:
-+ raise ValueError("Linux User %s does not exist" % name)
-+
-+ (rc,u) = semanage_seuser_create(self.sh)
++ if value != "":
++ nvalue = string.atoi(value)
++ semanage_bool_set_value(b, nvalue)
++
++ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+- raise ValueError("Could not query fcontext for %s" % target)
+- con = semanage_fcontext_get_con(p)
++ raise ValueError("Could not start semanage transaction")
++
++ rc = semanage_bool_modify_local(self.sh, k, b)
+ if rc < 0:
+- raise ValueError("Could not get fcontext context for %s" % target)
+-
+- if serange != "":
+- semanage_context_set_mls(self.sh, con, serange)
+- if seuser != "":
+- semanage_context_set_user(self.sh, con, seuser)
+- if setype != "":
+- semanage_context_set_type(self.sh, con, setype)
++ raise ValueError("Failed to modify boolean %s" % name)
+
+- semanage_begin_transaction(self.sh)
+- semanage_fcontext_modify_local(self.sh, k, p)
+- if semanage_commit(self.sh) < 0:
+- raise ValueError("Failed to add fcontext")
++ rc = semanage_commit(self.sh)
+ if rc < 0:
-+ raise ValueError("Could not create seuser for %s" % name)
-+
-+ semanage_seuser_set_name(self.sh, u, name)
-+ semanage_seuser_set_mlsrange(self.sh, u, serange)
-+ semanage_seuser_set_sename(self.sh, u, sename)
-+ semanage_begin_transaction(self.sh)
-+ semanage_seuser_add(self.sh, k, u)
-+ if semanage_commit(self.sh) < 0:
-+ raise ValueError("Failed to add SELinux user mapping")
-+
-+ def modify(self, name, sename = "", serange = ""):
-+ (rc,k) = semanage_seuser_key_create(self.sh, name)
-+ if rc < 0:
-+ raise ValueError("Could not create a key for %s" % name)
-+
-+ if sename == "" and serange == "":
-+ raise ValueError("Requires, seuser or serange")
-+
-+ (rc,exists) =
semanage_seuser_exists(self.sh, k)
-+ if exists:
-+ (rc,u) = semanage_seuser_query(self.sh, k)
-+ if rc < 0:
-+ raise ValueError("Could not query seuser for %s" % name)
-+ else:
-+ raise ValueError("SELinux user %s mapping is not defined." % name)
-+
-+ if serange != "":
-+ semanage_seuser_set_mlsrange(self.sh, u, serange)
-+ if sename != "":
-+ semanage_seuser_set_sename(self.sh, u, sename)
-+ semanage_begin_transaction(self.sh)
-+ semanage_seuser_modify_local(self.sh, k, u)
-+ if semanage_commit(self.sh) < 0:
-+ raise ValueError("Failed to modify SELinux user mapping")
++ raise ValueError("Failed to modify boolean %s" % name)
+
+- def delete(self, target):
+- (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
+ def delete(self, name):
-+ (rc,k) = semanage_seuser_key_create(self.sh, name)
-+ if rc < 0:
++ (rc,k) = semanage_bool_key_create(self.sh, name)
+ if rc < 0:
+- raise ValueError("Can't create key for %s" % target)
+- (rc,exists) = semanage_fcontext_exists(self.sh, k)
+ raise ValueError("Could not create a key for %s" % name)
+
-+ (rc,exists) = semanage_seuser_exists(self.sh, k)
++ (rc,exists) = semanage_bool_exists(self.sh, k)
+ if not exists:
+- raise ValueError("fcontext %s is not defined." % target)
+- else:
+- (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
+- if not exists:
+- raise ValueError("fcontext %s is not defined localy, can not be deleted." % target)
+-
+- semanage_begin_transaction(self.sh)
+- semanage_fcontext_del_local(self.sh, k)
+- if semanage_commit(self.sh) < 0:
+- raise ValueError("fcontext %s not defined" % target)
++ raise ValueError("Boolean %s is not defined" % name)
++
++ (rc,exists) = semanage_bool_exists_local(self.sh, k)
+ if not exists:
-+ raise ValueError("SELinux user %s mapping is not defined."
% name)
-+ semanage_begin_transaction(self.sh)
-+ semanage_seuser_del(self.sh, k)
-+ if semanage_commit(self.sh) < 0:
-+ raise ValueError("SELinux User %s mapping not defined" % name)
-+
-+ def get_all(self):
-+ dict={}
-+ (status, self.ulist, self.usize) = semanage_seuser_list(self.sh)
-+ for idx in range(self.usize):
-+ u = semanage_seuser_by_idx(self.ulist, idx)
-+ name = semanage_seuser_get_name(u)
-+ dict[name]=(semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
-+ return dict
++ raise ValueError("Boolean %s is defined in policy, cannot be deleted" % name)
+
-+ def list(self,heading=1):
-+ if heading:
-+ print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")
-+ dict=self.get_all()
-+ keys=dict.keys()
-+ keys.sort()
-+ for k in keys:
-+ print "%-25s %-25s %-25s" % (k, dict[k][0], dict[k][1])
-+
-+class seluserRecords(semanageRecords):
-+ def __init__(self):
-+ semanageRecords.__init__(self)
-+
-+ def add(self, name, roles, selevel, serange):
-+ if serange == "":
-+ serange = "s0"
-+ if selevel == "":
-+ selevel = "s0"
-+
-+ (rc,k) = semanage_user_key_create(self.sh, name)
++ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
-+ raise ValueError("Could not create a key for %s" % name)
++ raise ValueError("Could not start semanage transaction")
+
-+ (rc,exists) = semanage_user_exists(self.sh, k)
-+ if not exists:
-+ raise ValueError("SELinux user %s is already defined."
% name)
-+
-+ (rc,u) = semanage_user_create(self.sh)
++ rc = semanage_fcontext_del_local(self.sh, k)
+ if rc < 0:
-+ raise ValueError("Could not create login mapping for %s" % name)
-+
-+ semanage_user_set_name(self.sh, u, name)
-+ for r in roles:
-+ semanage_user_add_role(self.sh, u, r)
-+ semanage_user_set_mlsrange(self.sh, u, serange)
-+ semanage_user_set_mlslevel(self.sh, u, selevel)
-+ (rc,key) = semanage_user_key_extract(self.sh,u)
++ raise ValueError("Failed to delete boolean %s" % name)
++
++ rc = semanage_commit(self.sh)
+ if rc < 0:
-+ raise ValueError("Could not extract key for %s" % name)
-+
-+ semanage_begin_transaction(self.sh)
-+ semanage_user_add_local(self.sh, k, u)
-+ if semanage_commit(self.sh) < 0:
-+ raise ValueError("Failed to add SELinux user")
-+
-+ def modify(self, name, roles = [], selevel = "", serange = ""):
-+ if len(roles) == 0 and serange == "" and selevel == "":
-+ raise ValueError("Requires, roles, level or range")
-+
-+ (rc,k) = semanage_user_key_create(self.sh, name)
++ raise ValueError("Failed to delete boolean %s" % name)
+
+ def get_all(self):
+ dict={}
+- (status, self.plist, self.psize) = semanage_fcontext_list(self.sh)
+- if status < 0:
+- raise ValueError("Unable to list fcontexts")
++ (rc, self.blist, self.bsize) = semanage_bool_list(self.sh)
+ if rc < 0:
-+ raise ValueError("Could not create a key for %s" % name)
-+
-+ (rc,exists) = semanage_user_exists(self.sh, k)
-+ if exists:
-+ (rc,u) = semanage_user_query(self.sh, k)
-+ else:
-+ raise ValueError("SELinux user %s mapping is not defined locally."
% name)
-+ if rc < 0:
-+ raise ValueError("Could not query user for %s" % name)
-+
-+ if serange != "":
-+ semanage_user_set_mlsrange(self.sh, u, serange)
-+ if selevel != "":
-+ semanage_user_set_mlslevel(self.sh, u, selevel)
-+ if len(roles) != 0:
-+ for r in roles:
-+ semanage_user_add_role(self.sh, u, r)
-+ semanage_begin_transaction(self.sh)
-+ semanage_user_modify_local(self.sh, k, u)
-+ if semanage_commit(self.sh) < 0:
-+ raise ValueError("Failed to modify SELinux user")
-+
-+ def delete(self, name):
-+ (rc,k) = semanage_user_key_create(self.sh, name)
-+ if rc < 0:
-+ raise ValueError("Could not crpppeate a key for %s" % name)
-+ (rc,exists) = semanage_user_exists(self.sh, k)
-+ if not exists:
-+ raise ValueError("user %s is not defined" % name)
-+ else:
-+ (rc,exists) = semanage_user_exists_local(self.sh, k)
-+ if not exists:
-+ raise ValueError("user %s is not defined locally, can not delete " % name)
-+
-+ semanage_begin_transaction(self.sh)
-+ semanage_user_del_local(self.sh, k)
-+ if semanage_commit(self.sh) < 0:
-+ raise ValueError("Login User %s not defined" % name)
-+
-+ def get_all(self):
-+ dict={}
-+ (status, self.ulist, self.usize) = semanage_user_list(self.sh)
-+ for idx in range(self.usize):
-+ u = semanage_user_by_idx(self.ulist, idx)
-+ name = semanage_user_get_name(u)
-+ (status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u)
-+ roles = ""
-+
-+ if rlist_size:
-+ roles += char_by_idx(rlist, 0)
-+ for ridx in range (1,rlist_size):
-+ roles += " " + char_by_idx(rlist, ridx)
-+ dict[semanage_user_get_name(u)] = (semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
-+
-+ return dict
-+
-+ def list(self, heading=1):
-+ if heading:
-+ print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/")
-+ print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
-+ dict=self.get_all()
-+ keys=dict.keys()
-+ keys.sort()
-+ for k in keys:
-+ print "%-15s %-10s %-15s %s" % (k, dict[k][0], dict[k][1],
dict[k][2])
-+
-+class portRecords(semanageRecords):
-+ def __init__(self):
-+ semanageRecords.__init__(self)
-+
-+ def __genkey(self, port, proto):
-+ if proto == "tcp":
-+ proto_d=SEMANAGE_PROTO_TCP
-+ else:
-+ if proto == "udp":
-+ proto_d=SEMANAGE_PROTO_UDP
-+ else:
-+ raise ValueError("Protocol udp or tcp is required")
-+ if port == "":
-+ raise ValueError("Port is required")
-+
-+ ports=port.split("-")
-+ if len(ports) == 1:
-+ low=string.atoi(ports[0])
-+ high=string.atoi(ports[0])
-+ else:
-+ low=string.atoi(ports[0])
-+ high=string.atoi(ports[1])
-+
-+ (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d)
-+ if rc < 0:
-+ raise ValueError("Could not create a key for %s/%s" % (proto, port))
-+ return ( k, proto_d, low, high )
-+
-+ def add(self, port, proto, serange, type):
-+ if serange == "":
-+ serange="s0"
-+
-+ if type == "":
-+ raise ValueError("Type is required")
-+
-+ ( k, proto_d, low, high ) = self.__genkey(port, proto)
-+
-+ (rc,exists) = semanage_port_exists(self.sh, k)
-+ if exists:
-+ raise ValueError("Port %s/%s already defined" % (proto, port))
-+
-+ (rc,p) = semanage_port_create(self.sh)
-+ if rc < 0:
-+ raise ValueError("Could not create port for %s/%s" % (proto, port))
-+
-+ semanage_port_set_proto(p, proto_d)
-+ semanage_port_set_range(p, low, high)
-+ (rc, con) = semanage_context_create(self.sh)
-+ if rc < 0:
-+ raise ValueError("Could not create context for %s/%s" % (proto, port))
-+
-+ semanage_context_set_user(self.sh, con, "system_u")
-+ semanage_context_set_role(self.sh, con, "object_r")
-+ semanage_context_set_type(self.sh, con, type)
-+ semanage_context_set_mls(self.sh, con, serange)
-+ semanage_begin_transaction(self.sh)
-+ semanage_port_set_con(p, con)
-+ semanage_port_add_local(self.sh, k, p)
-+ if semanage_commit(self.sh) < 0:
-+ raise ValueError("Failed to add port")
-+
-+ def modify(self, port, proto, serange, setype):
-+ if serange == "" and setype == "":
-+ raise ValueError("Requires, setype or serange")
-+
-+ (
k, proto_d, low, high ) = self.__genkey(port, proto)
-+
-+ (rc,exists) = semanage_port_exists(self.sh, k)
-+ if exists:
-+ (rc,p) = semanage_port_query(self.sh, k)
-+ else:
-+ raise ValueError("port %s/%s is not defined." % (proto,port))
-+
-+ if rc < 0:
-+ raise ValueError("Could not query port for %s/%s" % (proto, port))
-+
-+ con = semanage_port_get_con(p)
-+ if rc < 0:
-+ raise ValueError("Could not get port context for %s/%s" % (proto, port))
-+
-+ if serange != "":
-+ semanage_context_set_mls(self.sh, con, serange)
-+ if setype != "":
-+ semanage_context_set_type(self.sh, con, setype)
-+ semanage_begin_transaction(self.sh)
-+ semanage_port_modify_local(self.sh, k, p)
-+ if semanage_commit(self.sh) < 0:
-+ raise ValueError("Failed to add port")
-+
-+ def delete(self, port, proto):
-+ ( k, proto_d, low, high ) = self.__genkey(port, proto)
-+ (rc,exists) = semanage_port_exists(self.sh, k)
-+ if not exists:
-+ raise ValueError("port %s/%s is not defined." % (proto,port))
-+ else:
-+ (rc,exists) = semanage_port_exists_local(self.sh, k)
-+ if not exists:
-+ raise ValueError("port %s/%s is not defined localy, can not be deleted."
% (proto,port))
-+
-+ semanage_begin_transaction(self.sh)
-+ semanage_port_del_local(self.sh, k)
-+ if semanage_commit(self.sh) < 0:
-+ raise ValueError("Port %s/%s not defined" % (proto,port))
-+
-+ def get_all(self):
-+ dict={}
-+ (status, self.plist, self.psize) = semanage_port_list(self.sh)
-+ for idx in range(self.psize):
-+ u = semanage_port_by_idx(self.plist, idx)
-+ con = semanage_port_get_con(u)
-+ name = semanage_context_get_type(con)
-+ proto=semanage_port_get_proto_str(u)
-+ low=semanage_port_get_low(u)
-+ high = semanage_port_get_high(u)
-+ if (name, proto) not in dict.keys():
-+ dict[(name,proto)]=[]
-+ if low == high:
-+ dict[(name,proto)].append("%d" % low)
-+ else:
-+ dict[(name,proto)].append("%d-%d" % (low, high))
-+ return dict
-+
-+ def list(self, heading=1):
-+ if heading:
-+ print "%-30s %-8s %s\n" % ("SELinux Port Name", "Proto", "Port Number")
-+ dict=self.get_all()
-+ keys=dict.keys()
-+ keys.sort()
-+ for i in keys:
-+ rec = "%-30s %-8s " % i
-+ rec += "%s" % dict[i][0]
-+ for p in dict[i][1:]:
-+ rec += ", %s" % p
-+ print rec
-+
-+class interfaceRecords(semanageRecords):
-+ def __init__(self):
-+ semanageRecords.__init__(self)
-+
-+ def add(self, interface, serange, type):
-+ if serange == "":
-+ serange="s0"
-+
-+ if type == "":
-+ raise ValueError("SELinux Type is required")
-+
-+ (rc,k) = semanage_iface_key_create(self.sh, interface)
-+ if rc < 0:
-+ raise ValueError("Can't create key for %s" % interface)
-+ (rc,exists) = semanage_iface_exists(self.sh, k)
-+ if exists:
-+ raise ValueError("Interface %s already defined" % interface)
-+
-+ (rc,iface) = semanage_iface_create(self.sh)
-+ if rc < 0:
-+ raise ValueError("Could not create interface for %s" % (interface))
-+
-+ rc = semanage_iface_set_name(self.sh, iface, interface)
-+ (rc, con) = semanage_context_create(self.sh)
-+ if rc < 0:
-+ raise ValueError("Could not create context for %s" % interface)
-+
-+ semanage_context_set_user(self.sh, con, "system_u")
-+
semanage_context_set_role(self.sh, con, "object_r")
-+ semanage_context_set_type(self.sh, con, type)
-+ semanage_context_set_mls(self.sh, con, serange)
-+ semanage_begin_transaction(self.sh)
-+ semanage_iface_set_ifcon(iface, con)
-+ semanage_iface_set_msgcon(iface, con)
-+ semanage_iface_add_local(self.sh, k, iface)
-+ if semanage_commit(self.sh) < 0:
-+ raise ValueError("Failed to add interface")
-+
-+ def modify(self, interface, serange, setype):
-+ if serange == "" and setype == "":
-+ raise ValueError("Requires, setype or serange")
-+
-+ (rc,k) = semanage_iface_key_create(self.sh, interface)
-+ if rc < 0:
-+ raise ValueError("Can't creater key for %s" % interface)
-+ (rc,exists) = semanage_iface_exists(self.sh, k)
-+ if exists:
-+ (rc,p) = semanage_iface_query(self.sh, k)
-+ else:
-+ raise ValueError("interface %s is not defined." % interface)
-+
-+ if rc < 0:
-+ raise ValueError("Could not query interface for %s" % interface)
-+
-+ con = semanage_iface_get_ifcon(p)
-+ if rc < 0:
-+ raise ValueError("Could not get interface context for %s" % interface)
-+
-+ if serange != "":
-+ semanage_context_set_mls(self.sh, con, serange)
-+ if setype != "":
-+ semanage_context_set_type(self.sh, con, setype)
-+
-+ semanage_begin_transaction(self.sh)
-+ semanage_iface_modify_local(self.sh, k, p)
-+ if semanage_commit(self.sh) < 0:
-+ raise ValueError("Failed to add interface")
-+
-+ def delete(self, interface):
-+ (rc,k) = semanage_iface_key_create(self.sh, interface)
-+ if rc < 0:
-+ raise ValueError("Can't create key for %s" % interface)
-+ (rc,exists) = semanage_iface_exists(self.sh, k)
-+ if not exists:
-+ raise ValueError("interface %s is not defined." % interface)
-+ else:
-+ (rc,exists) = semanage_iface_exists_local(self.sh, k)
-+ if not exists:
-+ raise ValueError("interface %s is not defined localy, can not be deleted."
% interface)
-+
-+ semanage_begin_transaction(self.sh)
-+ semanage_iface_del_local(self.sh, k)
-+ if semanage_commit(self.sh) < 0:
-+ raise ValueError("Interface %s not defined" % interface)
-+
-+ def get_all(self):
-+ dict={}
-+ (status, self.plist, self.psize) = semanage_iface_list(self.sh)
-+ if status < 0:
-+ raise ValueError("Unable to list interfaces")
-+ for idx in range(self.psize):
-+ interface = semanage_iface_by_idx(self.plist, idx)
-+ con = semanage_iface_get_ifcon(interface)
-+ dict[semanage_iface_get_name(interface)]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
-+
-+ return dict
-+
-+ def list(self, heading=1):
-+ if heading:
-+ print "%-30s %s\n" % ("SELinux Interface", "Context")
-+ dict=self.get_all()
-+ keys=dict.keys()
-+ keys.sort()
-+ for k in keys:
-+ print "%-30s %s:%s:%s:%s " % (k,dict[k][0], dict[k][1],dict[k][2], dict[k][3])
-+
-+class fcontextRecords(semanageRecords):
-+ def __init__(self):
-+ semanageRecords.__init__(self)
-+ self.file_types={}
-+ self.file_types[""] = SEMANAGE_FCONTEXT_ALL;
-+ self.file_types["all files"] = SEMANAGE_FCONTEXT_ALL;
-+ self.file_types["--"] = SEMANAGE_FCONTEXT_REG;
-+ self.file_types["regular file"] = SEMANAGE_FCONTEXT_REG;
-+ self.file_types["-d"] = SEMANAGE_FCONTEXT_DIR;
-+ self.file_types["directory"] = SEMANAGE_FCONTEXT_DIR;
-+ self.file_types["-c"] = SEMANAGE_FCONTEXT_CHAR;
-+ self.file_types["character device"] = SEMANAGE_FCONTEXT_CHAR;
-+ self.file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK;
-+ self.file_types["block device"] = SEMANAGE_FCONTEXT_BLOCK;
-+ self.file_types["-s"] = SEMANAGE_FCONTEXT_SOCK;
-+ self.file_types["socket"] = SEMANAGE_FCONTEXT_SOCK;
-+ self.file_types["symbolic link"] = SEMANAGE_FCONTEXT_LINK;
-+ self.file_types["-p"] = SEMANAGE_FCONTEXT_PIPE;
-+ self.file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE;
-+
-+
-+ def add(self, target, type, ftype="", serange="s0", seuser="system_u"):
-+ if seuser ==
"":
-+ seuser="system_u"
-+
-+ if serange == "":
-+ serange="s0"
-+
-+ if type == "":
-+ raise ValueError("SELinux Type is required")
-+
-+ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
-+ if rc < 0:
-+ raise ValueError("Can't create key for %s" % target)
-+ (rc,exists) = semanage_fcontext_exists(self.sh, k)
-+ print (rc, exists, target)
-+ if exists:
-+ raise ValueError("fcontext %s already defined" % target)
-+ (rc,fcontext) = semanage_fcontext_create(self.sh)
-+ if rc < 0:
-+ raise ValueError("Could not create fcontext for %s" % target)
-+
-+ rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
-+ (rc, con) = semanage_context_create(self.sh)
-+ if rc < 0:
-+ raise ValueError("Could not create context for %s" % target)
-+
-+ semanage_context_set_user(self.sh, con, seuser)
-+ semanage_context_set_role(self.sh, con, "object_r")
-+ semanage_context_set_type(self.sh, con, type)
-+ semanage_context_set_mls(self.sh, con, serange)
-+ semanage_fcontext_set_type(fcontext, self.file_types[ftype])
-+ semanage_begin_transaction(self.sh)
-+ semanage_fcontext_set_con(fcontext, con)
-+ semanage_fcontext_add_local(self.sh, k, fcontext)
-+ if semanage_commit(self.sh) < 0:
-+ raise ValueError("Failed to add fcontext")
-+
-+ def modify(self, target, setype, ftype, serange, seuser):
-+ if serange == "" and setype == "" and seuser == "":
-+ raise ValueError("Requires, setype, serange or seuser")
-+
-+ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
-+ if rc < 0:
-+ raise ValueError("Can't creater key for %s" % target)
-+ (rc,exists) = semanage_fcontext_exists(self.sh, k)
-+ if exists:
-+ (rc,p) = semanage_fcontext_query(self.sh, k)
-+ else:
-+ raise ValueError("fcontext %s is not defined."
% target)
-+ if rc < 0:
-+ raise ValueError("Could not query fcontext for %s" % target)
-+ con = semanage_fcontext_get_con(p)
-+ if rc < 0:
-+ raise ValueError("Could not get fcontext context for %s" % target)
-+
-+ if serange != "":
-+ semanage_context_set_mls(self.sh, con, serange)
-+ if seuser != "":
-+ semanage_context_set_user(self.sh, con, seuser)
-+ if setype != "":
-+ semanage_context_set_type(self.sh, con, setype)
-+
-+ semanage_begin_transaction(self.sh)
-+ semanage_fcontext_modify_local(self.sh, k, p)
-+ if semanage_commit(self.sh) < 0:
-+ raise ValueError("Failed to add fcontext")
-+
-+ def delete(self, target):
-+ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
-+ if rc < 0:
-+ raise ValueError("Can't create key for %s" % target)
-+ (rc,exists) = semanage_fcontext_exists(self.sh, k)
-+ if not exists:
-+ raise ValueError("fcontext %s is not defined." % target)
-+ else:
-+ (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
-+ if not exists:
-+ raise ValueError("fcontext %s is not defined localy, can not be deleted."
% target)
-+
-+ semanage_begin_transaction(self.sh)
-+ semanage_fcontext_del_local(self.sh, k)
-+ if semanage_commit(self.sh) < 0:
-+ raise ValueError("fcontext %s not defined" % target)
-+
-+ def get_all(self):
-+ dict={}
-+ (status, self.plist, self.psize) = semanage_fcontext_list(self.sh)
-+ if status < 0:
-+ raise ValueError("Unable to list fcontexts")
-+
-+ for idx in range(self.psize):
-+ fcontext = semanage_fcontext_by_idx(self.plist, idx)
-+ expr=semanage_fcontext_get_expr(fcontext)
-+ ftype=semanage_fcontext_get_type_str(fcontext)
-+ con = semanage_fcontext_get_con(fcontext)
-+ if con:
-+ dict[expr, ftype]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
-+ else:
-+ dict[expr, ftype]=con
-+
-+ return dict
-+
-+ def list(self, heading=1):
-+ if heading:
-+ print "%-50s %-18s %s\n" % ("SELinux fcontext", "type", "Context")
-+ dict=self.get_all()
-+ keys=dict.keys()
-+ for k in keys:
-+ if dict[k]:
-+ print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3])
-+ else:
-+ print "%-50s %-18s <>" % (k[0], k[1])
-+
-+class booleanRecords(semanageRecords):
-+ def __init__(self):
-+ semanageRecords.__init__(self)
-+
-+ def add(self, target, type, ftype="", serange="s0", seuser="system_u"):
-+ if seuser == "":
-+ seuser="system_u"
-+
-+ if serange == "":
-+ serange="s0"
-+
-+ if type == "":
-+ raise ValueError("SELinux Type is required")
-+
-+ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
-+ if rc < 0:
-+ raise ValueError("Can't create key for %s" % target)
-+ (rc,exists) = semanage_fcontext_exists(self.sh, k)
-+ print (rc, exists, target)
-+ if exists:
-+ raise ValueError("fcontext %s already defined" % target)
-+ (rc,fcontext) = semanage_fcontext_create(self.sh)
-+ if rc < 0:
-+ raise ValueError("Could not create fcontext for %s" % target)
-+
-+ rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
-+ (rc, con) =
semanage_context_create(self.sh) -+ if rc < 0: -+ raise ValueError("Could not create context for %s" % target) -+ -+ semanage_context_set_user(self.sh, con, seuser) -+ semanage_context_set_role(self.sh, con, "object_r") -+ semanage_context_set_type(self.sh, con, type) -+ semanage_context_set_mls(self.sh, con, serange) -+ semanage_fcontext_set_type(fcontext, self.file_types[ftype]) -+ semanage_begin_transaction(self.sh) -+ semanage_fcontext_set_con(fcontext, con) -+ semanage_fcontext_add_local(self.sh, k, fcontext) -+ if semanage_commit(self.sh) < 0: -+ raise ValueError("Failed to add fcontext") -+ -+ def modify(self, target, setype, ftype, serange, seuser): -+ if serange == "" and setype == "" and seuser == "": -+ raise ValueError("Requires, setype, serange or seuser") -+ -+ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype]) -+ if rc < 0: -+ raise ValueError("Can't creater key for %s" % target) -+ (rc,exists) = semanage_fcontext_exists(self.sh, k) -+ if exists: -+ (rc,p) = semanage_fcontext_query(self.sh, k) -+ else: -+ raise ValueError("fcontext %s is not defined." 
% target) -+ if rc < 0: -+ raise ValueError("Could not query fcontext for %s" % target) -+ con = semanage_fcontext_get_con(p) -+ if rc < 0: -+ raise ValueError("Could not get fcontext context for %s" % target) -+ -+ if serange != "": -+ semanage_context_set_mls(self.sh, con, serange) -+ if seuser != "": -+ semanage_context_set_user(self.sh, con, seuser) -+ if setype != "": -+ semanage_context_set_type(self.sh, con, setype) -+ -+ semanage_begin_transaction(self.sh) -+ semanage_fcontext_modify_local(self.sh, k, p) -+ if semanage_commit(self.sh) < 0: -+ raise ValueError("Failed to add fcontext") -+ -+ def delete(self, target): -+ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype]) -+ if rc < 0: -+ raise ValueError("Can't create key for %s" % target) -+ (rc,exists) = semanage_fcontext_exists(self.sh, k) -+ if not exists: -+ raise ValueError("fcontext %s is not defined." % target) -+ else: -+ (rc,exists) = semanage_fcontext_exists_local(self.sh, k) -+ if not exists: -+ raise ValueError("fcontext %s is not defined localy, can not be deleted." 
% target) -+ -+ semanage_begin_transaction(self.sh) -+ semanage_fcontext_del_local(self.sh, k) -+ if semanage_commit(self.sh) < 0: -+ raise ValueError("fcontext %s not defined" % target) -+ -+ def get_all(self): -+ dict={} -+ (status, self.plist, self.psize) = semanage_fcontext_list(self.sh) -+ if status < 0: -+ raise ValueError("Unable to list fcontexts") -+ -+ for idx in range(self.psize): -+ fcontext = semanage_fcontext_by_idx(self.plist, idx) -+ expr=semanage_fcontext_get_expr(fcontext) -+ ftype=semanage_fcontext_get_type_str(fcontext) -+ con = semanage_fcontext_get_con(fcontext) -+ if con: -+ dict[expr, ftype]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con)) -+ else: -+ dict[expr, ftype]=con -+ -+ return dict -+ -+ def list(self, heading=1): -+ if heading: -+ print "%-50s %-18s %s\n" % ("SELinux fcontext", "type", "Context") -+ dict=self.get_all() -+ keys=dict.keys() -+ for k in keys: -+ if dict[k]: -+ print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3]) -+ else: -+ print "%-50s %-18s <>" % (k[0], k[1]) -+ -+ ++ raise ValueError("Could not list booleans") + +- for idx in range(self.psize): +- fcontext = semanage_fcontext_by_idx(self.plist, idx) +- expr=semanage_fcontext_get_expr(fcontext) +- ftype=semanage_fcontext_get_type_str(fcontext) +- con = semanage_fcontext_get_con(fcontext) +- if con: +- dict[expr, ftype]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con)) +- else: +- dict[expr, ftype]=con ++ for idx in range(self.bsize): ++ boolean = semanage_bool_by_idx(self.blist, idx) ++ name = semanage_bool_get_name(boolean) ++ value = semanage_bool_get_value(boolean) ++ dict[name] = value + + return dict + + def list(self, heading=1): + if heading: +- print "%-50s %-18s %s\n" % ("SELinux fcontext", "type", "Context") ++ print "%-50s %-18s\n" % ("SELinux boolean", 
"value") + dict=self.get_all() + keys=dict.keys() + for k in keys: + if dict[k]: +- print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3]) +- else: +- print "%-50s %-18s <>" % (k[0], k[1]) +- +- ++ print "%-50s %-18s " % (k[0], dict[k][0]) diff --git a/policycoreutils.spec b/policycoreutils.spec index 857b922..5b218f8 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -4,11 +4,11 @@ Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.29.7 -Release: 1 +Release: 2 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz -#Patch: policycoreutils-rhat.patch +Patch: policycoreutils-rhat.patch BuildRequires: pam-devel libsepol-devel >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} PreReq: /bin/mount /bin/egrep /bin/awk /usr/bin/diff @@ -34,7 +34,7 @@ context. %prep %setup -q -#%patch -p1 -b .rhat +%patch -p2 -b .rhat %build make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" all @@ -97,6 +97,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_libdir}/python2.4/site-packages/seobject.py* %changelog +* Sat Jan 14 2006 Dan Walsh 1.29.7-2 +- Add ivans patch + * Fri Jan 13 2006 Dan Walsh 1.29.7-1 - Update to match NSA * Merged newrole cleanup patch from Steve Grubb.
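Review bot: The `%patch -p2 -b .rhat` line in the `%prep` hunk looks inconsistent with the path depth used inside the patch it now enables: the patch headers visible earlier on this page are of the form `--- nsapolicycoreutils/semanage/semanage` / `+++ policycoreutils-1.29.7/semanage/semanage`, and after `%setup -q` cds into the unpacked tree, stripping two components turns `semanage/semanage` into a bare `semanage`, so the hunk would not find its target. If the rest of policycoreutils-rhat.patch uses that same one-directory prefix, the line should presumably read `%patch -p1 -b .rhat` (the depth the previously commented-out line used); please confirm by running `%prep` before this goes out, since a patch that fails to apply aborts the build whereas one applied at the wrong depth could be silently skipped for files `patch` cannot locate. The changelog entry `- Add ivans patch` could also name what the patch does (the seobject/semanage boolean handling visible in the other hunk) so the release history is searchable.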