* Tue Dec 27 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-9

- Fixes for semanage, patch from Ivan and added a test script
Daniel J Walsh 2005-12-27 15:08:31 +00:00
parent f7cf161040
commit 4c35281455
2 changed files with 444 additions and 9 deletions


@ -228,7 +228,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat.8 policyco
chcon(1), selinux(8)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.2/scripts/genhomedircon
--- nsapolicycoreutils/scripts/genhomedircon 2005-12-07 07:28:00.000000000 -0500
+++ policycoreutils-1.29.2/scripts/genhomedircon 2005-12-23 19:35:20.000000000 -0500
+++ policycoreutils-1.29.2/scripts/genhomedircon 2005-12-27 08:54:19.000000000 -0500
@@ -1,4 +1,4 @@
-#! /usr/bin/env python
+#! /usr/bin/python
@ -555,7 +555,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
else:
homedirs.append(homedir)
@@ -333,7 +359,7 @@
@@ -333,7 +359,3 @@
except getopt.error, error:
errorExit("Options Error %s " % error)
@ -563,10 +563,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
- errorExit("ValueError %s" % error)
-except IndexError, error:
- errorExit("IndexError")
+#except ValueError, error:
+# errorExit("ValueError %s" % error)
+#except IndexError, error:
+# errorExit("IndexError %s" % error)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/selisteners policycoreutils-1.29.2/scripts/selisteners
--- nsapolicycoreutils/scripts/selisteners 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.29.2/scripts/selisteners 2005-12-22 16:29:28.000000000 -0500
@ -684,8 +680,28 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/tests/setrans.co
+s0:c3=NDA_Yoyodyne
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.2/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2005-11-29 10:55:01.000000000 -0500
+++ policycoreutils-1.29.2/semanage/semanage 2005-12-24 07:16:12.000000000 -0500
@@ -35,7 +35,7 @@
+++ policycoreutils-1.29.2/semanage/semanage 2005-12-27 10:04:46.000000000 -0500
@@ -24,22 +24,27 @@
from semanage import *;
class loginRecords:
def __init__(self):
- self.sh=semanage_handle_create()
- self.semanaged=semanage_is_managed(self.sh)
+ self.sh = semanage_handle_create()
+ self.semanaged = semanage_is_managed(self.sh)
if self.semanaged:
semanage_connect(self.sh)
def add(self, name, sename, serange):
- (rc,k)=semanage_seuser_key_create(self.sh, name)
- (rc,exists)= semanage_seuser_exists(self.sh, k)
+ if serange == "":
+ serange = "s0"
+ if sename == "":
+ sename = "user_u"
+
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
if exists:
raise ValueError("SELinux User %s mapping already defined" % name)
try:
@ -694,3 +710,419 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
except:
raise ValueError("Linux User %s does not exist" % name)
- (rc,u)= semanage_seuser_create(self.sh)
+ (rc,u) = semanage_seuser_create(self.sh)
semanage_seuser_set_name(self.sh, u, name)
semanage_seuser_set_mlsrange(self.sh, u, serange)
semanage_seuser_set_sename(self.sh, u, sename)
@@ -48,12 +53,13 @@
if semanage_commit(self.sh) != 0:
raise ValueError("Failed to add SELinux user mapping")
- def modify(self, name, sename="", serange=""):
- (rc,k)=semanage_seuser_key_create(self.sh, name)
- (rc,u)= semanage_seuser_query(self.sh, k)
- if rc !=0 :
+ def modify(self, name, sename = "", serange = ""):
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
+ if not exists:
raise ValueError("SELinux user %s mapping is not defined." % name)
- if sename == "" and serange=="":
+ (rc,u) = semanage_seuser_query(self.sh, k)
+ if sename == "" and serange == "":
raise ValueError("Requires, seuser or serange")
if serange != "":
semanage_seuser_set_mlsrange(self.sh, u, serange)
@@ -66,9 +72,9 @@
def delete(self, name):
- (rc,k)=semanage_seuser_key_create(self.sh, name)
- (rc,exists)= semanage_seuser_exists(self.sh, k)
- if rc !=0 :
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
+ if not exists:
raise ValueError("SELinux user %s mapping is not defined." % name)
semanage_begin_transaction(self.sh)
semanage_seuser_del(self.sh, k)
@@ -79,25 +85,29 @@
print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")
(status, self.ulist, self.usize) = semanage_seuser_list(self.sh)
for idx in range(self.usize):
- u=semanage_seuser_by_idx(self.ulist, idx)
- name=semanage_seuser_get_name(u)
+ u = semanage_seuser_by_idx(self.ulist, idx)
+ name = semanage_seuser_get_name(u)
print "%-25s %-25s %-25s" % (name, semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
class seluserRecords:
def __init__(self):
- roles=[]
- self.sh=semanage_handle_create()
- self.semanaged=semanage_is_managed(self.sh)
+ roles = []
+ self.sh = semanage_handle_create()
+ self.semanaged = semanage_is_managed(self.sh)
if self.semanaged:
semanage_connect(self.sh)
def add(self, name, roles, selevel, serange):
- (rc,k)=semanage_user_key_create(self.sh, name)
- (rc,exists)= semanage_user_exists(self.sh, k)
+ if serange == "":
+ serange = "s0"
+ if selevel == "":
+ selevel = "s0"
+ (rc,k) = semanage_user_key_create(self.sh, name)
+ (rc,exists) = semanage_user_exists(self.sh, k)
if exists:
raise ValueError("Seuser %s already defined" % name)
- (rc,u)= semanage_user_create(self.sh)
+ (rc,u) = semanage_user_create(self.sh)
semanage_user_set_name(self.sh, u, name)
for r in roles:
semanage_user_add_role(self.sh, u, r)
@@ -109,17 +119,13 @@
if semanage_commit(self.sh) != 0:
raise ValueError("Failed to add SELinux user")
- self.dict[name]=seluser(name, roles, selevel, serange)
-
- def modify(self, name, roles=[], selevel="", serange=""):
- (rc,k)=semanage_user_key_create(self.sh, name)
- (rc,exists)= semanage_user_exists(self.sh, k)
+ def modify(self, name, roles = [], selevel = "", serange = ""):
+ (rc,k) = semanage_user_key_create(self.sh, name)
+ (rc,exists) = semanage_user_exists(self.sh, k)
if not exists:
raise ValueError("user %s is not defined" % name)
- (rc,u)= semanage_user_query(self.sh, k)
- if rc !=0 :
- raise ValueError("User %s is not defined." % name)
- if len(roles) == 0 and serange=="" and selevel=="":
+ (rc,u) = semanage_user_query(self.sh, k)
+ if len(roles) == 0 and serange == "" and selevel == "":
raise ValueError("Requires, roles, level or range")
if serange != "":
semanage_user_set_mlsrange(self.sh, u, serange)
@@ -127,17 +133,15 @@
semanage_user_set_mlslevel(self.sh, u, selevel)
if len(roles) != 0:
for r in roles:
- print r
semanage_user_add_role(self.sh, u, r)
semanage_begin_transaction(self.sh)
semanage_user_modify_local(self.sh, k, u)
if semanage_commit(self.sh) != 0:
raise ValueError("Failed to modify SELinux user")
-
def delete(self, name):
- (rc,k)=semanage_user_key_create(self.sh, name)
- (rc,exists)= semanage_user_exists(self.sh, k)
+ (rc,k) = semanage_user_key_create(self.sh, name)
+ (rc,exists) = semanage_user_exists(self.sh, k)
if not exists:
raise ValueError("user %s is not defined" % name)
semanage_begin_transaction(self.sh)
@@ -150,31 +154,30 @@
print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
(status, self.ulist, self.usize) = semanage_user_list(self.sh)
for idx in range(self.usize):
- u=semanage_user_by_idx(self.ulist, idx)
- name=semanage_user_get_name(u)
+ u = semanage_user_by_idx(self.ulist, idx)
+ name = semanage_user_get_name(u)
(status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u)
- roles=""
+ roles = ""
if rlist_size:
- roles+=char_by_idx(rlist, 0)
+ roles += char_by_idx(rlist, 0)
for ridx in range (1,rlist_size):
- roles+=" " + char_by_idx(rlist, ridx)
+ roles += " " + char_by_idx(rlist, ridx)
print "%-15s %-10s %-15s %s" % (semanage_user_get_name(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
class portRecords:
def __init__(self):
- self.dict={}
- self.sh=semanage_handle_create()
- self.semanaged=semanage_is_managed(self.sh)
+ self.sh = semanage_handle_create()
+ self.semanaged = semanage_is_managed(self.sh)
if self.semanaged:
semanage_connect(self.sh)
def add(self, name, type):
- (rc,k)=semanage_port_key_create(self.sh, name)
- (rc,exists)= semanage_port_exists(self.sh, k)
+ (rc,k) = semanage_port_key_create(self.sh, name)
+ (rc,exists) = semanage_port_exists(self.sh, k)
if exists:
raise ValueError("User %s already defined" % name)
- (rc,u)= semanage_port_create(self.sh)
+ (rc,u) = semanage_port_create(self.sh)
semanage_port_set_name(self.sh, u, name)
semanage_port_set_mlsrange(self.sh, u, serange)
semanage_port_set_sename(self.sh, u, sename)
@@ -184,11 +187,11 @@
raise ValueError("Failed to add port")
def modify(self, name, type):
- (rc,k)=semanage_port_key_create(self.sh, name)
- (rc,u)= semanage_port_query(self.sh, k)
- if rc !=0 :
+ (rc,k) = semanage_port_key_create(self.sh, name)
+ (rc,u) = semanage_port_query(self.sh, k)
+ if rc != 0 :
raise ValueError("User %s is not defined." % name)
- if sename == "" and serange=="":
+ if sename == "" and serange == "":
raise ValueError("Requires, port or serange")
if serange != "":
semanage_port_set_mlsrange(self.sh, u, serange)
@@ -200,7 +203,7 @@
raise ValueError("Failed to add port")
def delete(self, name):
- (rc,k)=semanage_port_key_create(self.sh, name)
+ (rc,k) = semanage_port_key_create(self.sh, name)
semanage_begin_transaction(self.sh)
semanage_port_del(self.sh, k)
if semanage_commit(self.sh) != 0:
@@ -210,13 +213,13 @@
(status, self.plist, self.psize) = semanage_port_list(self.sh)
print "%-25s %s\n" % ("SELinux Port Name", "Port Number")
for idx in range(self.psize):
- u=semanage_port_by_idx(self.plist, idx)
- name=semanage_port_get_name(u)
+ u = semanage_port_by_idx(self.plist, idx)
+ name = semanage_port_get_name(u)
print "%20s %d" % ( name, semanage_port_get_number(u))
if __name__ == '__main__':
- def usage(message=""):
+ def usage(message = ""):
print '\
semanage user [-admsRrh] SELINUX_USER\n\
semanage login [-admsrh] LOGIN_NAME\n\
@@ -245,26 +248,26 @@
#
#
try:
- objectlist=("login", "user", "port")
- input=sys.stdin
- output=sys.stdout
- serange="s0"
- selevel="s0"
- roles=""
- seuser=""
- type=""
- add=0
- modify=0
- delete=0
- list=0
+ objectlist = ("login", "user", "port")
+ input = sys.stdin
+ output = sys.stdout
+ serange = ""
+ selevel = ""
+ roles = ""
+ seuser = ""
+
+ add = 0
+ modify = 0
+ delete = 0
+ list = 0
if len(sys.argv) < 3:
usage("Requires 2 or more arguments")
- object=sys.argv[1]
+ object = sys.argv[1]
if object not in objectlist:
usage("%s not defined" % object)
- args=sys.argv[2:]
+ args = sys.argv[2:]
gopts, cmds = getopt.getopt(args,
'adlhms:R:r:t:v',
['add',
@@ -282,46 +285,46 @@
if o == "-a" or o == "--add":
if modify or delete:
usage()
- add=1
+ add = 1
if o == "-d" or o == "--delese":
if modify or add:
usage()
- delete=1
+ delete = 1
if o == "-h" or o == "--help":
usage()
if o == "-m"or o == "--modify":
if delete or add:
usage()
- modify=1
+ modify = 1
if o == "-r" or o == '--range':
- serange=a
+ serange = a
if o == "-R" or o == '--roles':
- roles=a
+ roles = a
if o == "-t" or o == "--type":
- type=a
+ type = a
if o == "-l" or o == "--list":
- list=1
+ list = 1
if o == "-s" or o == "--seuser":
- seuser=a
+ seuser = a
if o == "-v" or o == "--verbose":
- verbose=1
+ verbose = 1
if object == "login":
- OBJECT=loginRecords()
+ OBJECT = loginRecords()
if object == "user":
- OBJECT=seluserRecords()
+ OBJECT = seluserRecords()
if object == "port":
- OBJECT=portRecords()
+ OBJECT = portRecords()
if list:
OBJECT.list()
@@ -330,21 +333,22 @@
if len(cmds) != 1:
usage()
- name=cmds[0]
+ name = cmds[0]
if add:
if object == "login":
OBJECT.add(name, seuser, serange)
if object == "user":
- rlist=roles.split()
- print rlist
+ rlist = roles.split()
+ if len(rlist) == 0:
+ raise ValueError("You must specify a role")
+
OBJECT.add(name, rlist, selevel, serange)
if object == "port":
OBJECT.add(name, type)
- OBJECT.list()
sys.exit(0);
if modify:
@@ -352,14 +356,12 @@
OBJECT.modify(name, seuser, serange)
if object == "user":
- rlist=roles.split()
- print rlist
+ rlist = roles.split()
OBJECT.modify(name, rlist, selevel, serange)
if object == "port":
OBJECT.modify(name, type)
sys.exit(0);
- OBJECT.list()
sys.exit(0);
if delete:
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/tests/semanage_test policycoreutils-1.29.2/semanage/tests/semanage_test
--- nsapolicycoreutils/semanage/tests/semanage_test 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.29.2/semanage/tests/semanage_test 2005-12-27 10:07:15.000000000 -0500
@@ -0,0 +1,67 @@
+#!/bin/sh -x
+#
+# This is a test script for the semanage command
+#
+echo "
+
+******************** semanage List Failue test ************************
+"
+semanage -l
+echo "
+
+******************** semanage Mapping test ************************
+"
+echo " * Mapping List test"
+semanage login -l
+echo " * Add mapping exist test"
+semanage login -a root
+echo " * Add new test"
+echo " * Add selinux login to selinux user mapping, username wrong"
+semanage login -a semanage_test1
+userdel -r semanage_test1 2> /dev/null
+useradd semanage_test1
+echo " * Add selinux login to selinux user mapping, Bad SELinux User"
+semanage login -a -s BadUser semanage_test1
+echo " * Add selinux login to selinux user mapping, username correct"
+semanage login -a semanage_test1
+semanage login -l
+userdel -r semanage_test1
+echo " * remove selinux login to selinux user mapping, username wrong"
+semanage login -d semanage_test2
+echo " * remove selinux login to selinux user mapping, username correct"
+semanage login -d semanage_test1
+semanage login -l
+
+echo "
+
+******************** semanage SELinux User test ************************
+"
+echo " * SELinux User List test"
+semanage user -l
+echo " * Add SELinux User exist test: Fail because root exist"
+semanage user -a -R user_r root
+echo " * Add SELinux User exist test: Fail because no role specified"
+semanage user -a -r s0 semanage_test1
+echo " * Add selinux user semanage_test1: Success"
+semanage user -a -R user_r -r s0 semanage_test1
+semanage user -l
+echo " * Modify selinux user semanage_test1 Failue bad range"
+semanage user -m -r BadRange semanage_test1
+echo " * Modify selinux user semanage_test1 Failue bad role"
+semanage user -m -R BadRole semanage_test1
+echo " * Modify selinux user semanage_test1"
+semanage user -m -r s0:c1,c5 semanage_test1
+semanage user -l
+echo " * Delete selinux user semanage_test2: Fail does not exist"
+semanage user -d semanage_test2
+echo " * Delete selinux user semanage_test1"
+semanage user -d semanage_test1
+semanage user -l
+
+#echo "
+#
+#******************** semanage SELinux ports test ************************
+#"
+#semanage port -l
+#semanage port -a httpd_port_t
+#semanage port -d httpd_port_t
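Review bot: `portRecords.add` and `portRecords.modify` still use `serange` and `sename` (via `semanage_port_set_mlsrange` / `semanage_port_set_sename`) although their signatures only take `name` and `type`, so `semanage port -a` / `-m` will raise NameError before anything reaches the policy store; the `@@ -184,11 +187,11 @@` hunk restyles these methods without addressing it, which is presumably why the port section of the new semanage_test is commented out, and the "User %s already defined" message there should also say port. In the option loop the context line `if o == "-d" or o == "--delese":` keeps a typo, so `--delete` (if it is in the long-option list, which runs past the hunk) is accepted by getopt but never sets `delete = 1` and the command silently does nothing; `if o == "-d" or o == "--delete":` fixes it. In the new `modify`/`delete` bodies the `rc` from `semanage_seuser_exists` / `semanage_user_exists` is discarded before `if not exists:`, so a failed lookup against the store is reported as "mapping is not defined" rather than as an error; checking `rc < 0` first and raising a distinct ValueError would keep the two cases apart. The commented-out ValueError/IndexError handlers in genhomedircon (`+#except ValueError, error:` …) mean those errors now surface as raw tracebacks instead of the errorExit message; either restore them or delete the dead lines rather than leaving them commented.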


@ -4,7 +4,7 @@
Summary: SELinux policy core utilities.
Name: policycoreutils
Version: 1.29.2
Release: 8
Release: 9
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -96,6 +96,9 @@ rm -rf ${RPM_BUILD_ROOT}
%config(noreplace) %{_sysconfdir}/sestatus.conf
%changelog
* Tue Dec 27 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-9
- Fixes for semanage, patch from Ivan and added a test script
* Sat Dec 24 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-8
- Fix getpwnam call