* Fri Nov 11 2005 Dan Walsh <dwalsh@redhat.com> 1.27.27-2
- Patch genhomedircon to use libsemanage.py stuff
parent
d14b8688f8
commit
6c7ca7b42a
@ -1,7 +1,7 @@
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.26/scripts/genhomedircon
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.27/scripts/genhomedircon
|
||||
--- nsapolicycoreutils/scripts/genhomedircon 2005-09-12 16:33:30.000000000 -0400
|
||||
+++ policycoreutils-1.27.26/scripts/genhomedircon 2005-11-09 17:42:11.000000000 -0500
|
||||
@@ -15,30 +15,16 @@
|
||||
+++ policycoreutils-1.27.27/scripts/genhomedircon 2005-11-11 15:11:37.000000000 -0500
|
||||
@@ -15,32 +15,19 @@
|
||||
# The file CONTEXTDIR/files/homedir_template exists. This file is used to
|
||||
# set up the home directory context for each real user.
|
||||
#
|
||||
@ -34,8 +34,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
|
||||
-#
|
||||
|
||||
import commands, sys, os, pwd, string, getopt, re
|
||||
+from semanage import *;
|
||||
|
||||
@@ -67,169 +53,6 @@
|
||||
EXCLUDE_LOGINS=["/sbin/nologin", "/bin/false"]
|
||||
|
||||
@@ -67,169 +54,6 @@
|
||||
starting_uid = 500
|
||||
return starting_uid
|
||||
|
||||
@ -205,12 +208,27 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
|
||||
def getDefaultHomeDir():
|
||||
ret = []
|
||||
rc=commands.getstatusoutput("grep -h '^HOME' /etc/default/useradd")
|
||||
@@ -313,11 +136,8 @@
|
||||
@@ -287,6 +111,11 @@
|
||||
|
||||
class selinuxConfig:
|
||||
def __init__(self, selinuxdir="/etc/selinux", type="targeted", usepwd=1):
|
||||
+ self.semanageHandle=semanage_handle_create()
|
||||
+ self.semanaged=semanage_is_managed(self.semanageHandle)
|
||||
+ if self.semanaged:
|
||||
+ semanage_connect(self.semanageHandle)
|
||||
+ (status, self.ulist, self.usize) = semanage_user_list(self.semanageHandle)
|
||||
self.type=type
|
||||
self.selinuxdir=selinuxdir +"/"
|
||||
self.contextdir="/contexts"
|
||||
@@ -313,47 +142,73 @@
|
||||
errorExit(string.join("sed error ", rc[1]))
|
||||
|
||||
def getUsersFile(self):
|
||||
- return self.selinuxdir+self.type+"/users/local.users"
|
||||
+ return self.selinuxdir+self.type+"/seusers"
|
||||
+ if self.semanaged:
|
||||
+ return self.selinuxdir+self.type+"module/active/seusers"
|
||||
+ else:
|
||||
+ return self.selinuxdir+self.type+"/seusers"
|
||||
|
||||
- def getSystemUsersFile(self):
|
||||
- return self.selinuxdir+self.type+"/users/system.users"
|
||||
@ -218,56 +236,97 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
|
||||
def heading(self):
|
||||
ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]
|
||||
ret += "# edit %s to change file_context\n#\n#\n" % self.getUsersFile()
|
||||
@@ -325,10 +145,7 @@
|
||||
return ret
|
||||
|
||||
+
|
||||
+ def defaultrole(self, name):
|
||||
+ for idx in range(self.usize):
|
||||
+ user = semanage_user_by_idx(self.ulist, idx)
|
||||
+ if semanage_user_get_name(user) == name:
|
||||
+ role=semanage_user_get_defrole(user)
|
||||
+ if role=="system_r":
|
||||
+ # targeted policy
|
||||
+ return "user_r"
|
||||
+ else:
|
||||
+ return role
|
||||
+ return name
|
||||
+ def adduser(self, udict, user, seuser, role, range):
|
||||
+ try:
|
||||
+ if seuser == "user_u" or user == "__default__":
|
||||
+ return
|
||||
+ # !!! chooses first role in the list to use in the file context !!!
|
||||
+ if role[-2:] == "_r" or role[-2:] == "_u":
|
||||
+ role = role[:-2]
|
||||
+ home = pwd.getpwnam(user)[5]
|
||||
+ if home == "/":
|
||||
+ return
|
||||
+ prefs = {}
|
||||
+ prefs["role"] = role
|
||||
+ prefs["home"] = home
|
||||
+ udict[seuser] = prefs
|
||||
+ except KeyError:
|
||||
+ sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user)
|
||||
+
|
||||
def getUsers(self):
|
||||
users=""
|
||||
- users=""
|
||||
- rc = commands.getstatusoutput('grep "^user" %s' % self.getSystemUsersFile())
|
||||
- if rc[0] == 0:
|
||||
- users+=rc[1]+"\n"
|
||||
- rc = commands.getstatusoutput("grep ^user %s" % self.getUsersFile())
|
||||
+ rc = commands.getstatusoutput("grep -v '^ *#' %s" % self.getUsersFile())
|
||||
if rc[0] == 0:
|
||||
users+=rc[1]
|
||||
- if rc[0] == 0:
|
||||
- users+=rc[1]
|
||||
udict = {}
|
||||
@@ -336,24 +153,27 @@
|
||||
if users != "":
|
||||
ulist = users.split("\n")
|
||||
- prefs = {}
|
||||
- if users != "":
|
||||
- ulist = users.split("\n")
|
||||
+ if self.semanaged:
|
||||
+ (status, list, lsize) = semanage_seuser_list(self.semanageHandle)
|
||||
+ for idx in range(lsize):
|
||||
+ user=[]
|
||||
+ seuser = semanage_seuser_by_idx(list, idx)
|
||||
+ seusername=semanage_seuser_get_sename(seuser)
|
||||
+ self.adduser(udict, semanage_seuser_get_name(seuser), seusername, self.defaultrole(seusername), semanage_seuser_get_mlsrange(seuser))
|
||||
+
|
||||
+ else:
|
||||
+ users=""
|
||||
+ rc = commands.getstatusoutput("grep -v '^ *#' %s" % self.getUsersFile())
|
||||
+ if rc[0] == 0 and rc[1] != "":
|
||||
+ ulist = rc[1].split("\n")
|
||||
+
|
||||
for u in ulist:
|
||||
- user = u.split()
|
||||
+ if len(u)==0:
|
||||
+ continue
|
||||
+ user = u.split(":")
|
||||
try:
|
||||
- try:
|
||||
- if len(user)==0 or user[1] == "user_u" or user[1] == "system_u":
|
||||
+ if len(user)==0 or user[1] == "user_u":
|
||||
continue
|
||||
# !!! chooses first role in the list to use in the file context !!!
|
||||
- continue
|
||||
- # !!! chooses first role in the list to use in the file context !!!
|
||||
- role = user[3]
|
||||
- if role == "{":
|
||||
- role = user[4]
|
||||
- role = role.split("_r")[0]
|
||||
- home = pwd.getpwnam(user[1])[5]
|
||||
+ if user[0] == "root":
|
||||
+ role="user_u"
|
||||
+ else:
|
||||
+ role = user[1]
|
||||
+ role = role.split("_u")[0]
|
||||
+ home = pwd.getpwnam(user[0])[5]
|
||||
if home == "/":
|
||||
continue
|
||||
prefs = {}
|
||||
prefs["role"] = role
|
||||
prefs["home"] = home
|
||||
- if home == "/":
|
||||
- continue
|
||||
- prefs = {}
|
||||
- prefs["role"] = role
|
||||
- prefs["home"] = home
|
||||
- udict[user[1]] = prefs
|
||||
+ udict[user[0]] = prefs
|
||||
except KeyError:
|
||||
- except KeyError:
|
||||
- sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user[1])
|
||||
+ sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user[0])
|
||||
+ if len(u)==0:
|
||||
+ continue
|
||||
+ user = u.split(":")
|
||||
+ if len(user) < 3:
|
||||
+ continue
|
||||
+ if u[0] == "root":
|
||||
+ role="user"
|
||||
+ else:
|
||||
+ role=u[0]
|
||||
+ self.adduser(udict, u[0], u[1], role, u[2])
|
||||
+
|
||||
return udict
|
||||
|
||||
def getHomeDirContext(self, user, home, role):
|
||||
@@ -362,9 +182,8 @@
|
||||
@@ -362,9 +217,8 @@
|
||||
return ret + rc[1] + "\n"
|
||||
|
||||
def getUserContext(self, user, sel_user, role):
|
||||
@ -278,7 +337,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
|
||||
|
||||
def genHomeDirContext(self):
|
||||
users = self.getUsers()
|
||||
@@ -478,10 +297,6 @@
|
||||
@@ -478,10 +332,6 @@
|
||||
if type==None:
|
||||
type=getSELinuxType(directory)
|
||||
|
||||
|
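Review bot: In the non-semanage branch of getUsers the loop splits each seusers line into `user = u.split(":")` but then indexes the raw string `u` in the root check and in the adduser call, so `u[0]`, `u[1]` and `u[2]` are single characters of the line and every login ends up in the KeyError "not present in the passwd file" path; those three lines should read `if user[0] == "root":`, `role=user[1]` (the seuser field, as the previous revision derived it — confirm) and `self.adduser(udict, user[0], user[1], role, user[2])`. getUsersFile now returns `self.selinuxdir+self.type+"/seusers"` unconditionally on its first line, which makes the `if self.semanaged:` branch below it unreachable, and that branch also lacks a separator before `module/active/seusers`, so it would yield `targetedmodule/...`. `__init__` ignores the results of semanage_handle_create and semanage_connect and the status element of semanage_user_list, yet still calls semanage_user_list after a possibly failed connect, and the handle is never released with semanage_disconnect/semanage_handle_destroy; a failed connect should be treated as "not managed" or exit with an error. adduser keys the result as `udict[seuser] = prefs` while the file-based path keys by login (`udict[user[0]]`); if genHomeDirContext (outside this hunk) iterates the keys as logins, two logins mapped to the same SELinux user collapse into one entry and one of them gets no home-directory context. Minor: `from semanage import *;` carries a stray semicolon and a star import, and the `range` parameter and `list` local shadow builtins.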
@ -1,9 +1,9 @@
|
||||
%define libsepolver 1.9.39-1
|
||||
%define libsemanagever 1.3.52-1
|
||||
%define libsemanagever 1.3.53-2
|
||||
Summary: SELinux policy core utilities.
|
||||
Name: policycoreutils
|
||||
Version: 1.27.27
|
||||
Release: 1
|
||||
Release: 2
|
||||
License: GPL
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
@ -88,6 +88,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
||||
|
||||
%changelog
|
||||
* Fri Nov 11 2005 Dan Walsh <dwalsh@redhat.com> 1.27.27-2
|
||||
- Patch genhomedircon to use libsemanage.py stuff
|
||||
|
||||
* Wed Nov 9 2005 Dan Walsh <dwalsh@redhat.com> 1.27.27-1
|
||||
- Update to match NSA
|
||||
* Merged setsebool cleanup patch from Ivan Gyurdiev.
|
||||
|