* Fri Nov 11 2005 Dan Walsh <dwalsh@redhat.com> 1.27.27-2

- Patch genhomedircon to use libsemanage.py stuff
Daniel J Walsh 2005-11-11 20:13:44 +00:00
parent d14b8688f8
commit 6c7ca7b42a
2 changed files with 101 additions and 39 deletions


@ -1,7 +1,7 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.26/scripts/genhomedircon diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.27/scripts/genhomedircon
--- nsapolicycoreutils/scripts/genhomedircon 2005-09-12 16:33:30.000000000 -0400 --- nsapolicycoreutils/scripts/genhomedircon 2005-09-12 16:33:30.000000000 -0400
+++ policycoreutils-1.27.26/scripts/genhomedircon 2005-11-09 17:42:11.000000000 -0500 +++ policycoreutils-1.27.27/scripts/genhomedircon 2005-11-11 15:11:37.000000000 -0500
@@ -15,30 +15,16 @@ @@ -15,32 +15,19 @@
# The file CONTEXTDIR/files/homedir_template exists. This file is used to # The file CONTEXTDIR/files/homedir_template exists. This file is used to
# set up the home directory context for each real user. # set up the home directory context for each real user.
# #
@ -34,8 +34,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
-# -#
import commands, sys, os, pwd, string, getopt, re import commands, sys, os, pwd, string, getopt, re
+from semanage import *;
@@ -67,169 +53,6 @@ EXCLUDE_LOGINS=["/sbin/nologin", "/bin/false"]
@@ -67,169 +54,6 @@
starting_uid = 500 starting_uid = 500
return starting_uid return starting_uid
@ -205,11 +208,26 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
def getDefaultHomeDir(): def getDefaultHomeDir():
ret = [] ret = []
rc=commands.getstatusoutput("grep -h '^HOME' /etc/default/useradd") rc=commands.getstatusoutput("grep -h '^HOME' /etc/default/useradd")
@@ -313,11 +136,8 @@ @@ -287,6 +111,11 @@
class selinuxConfig:
def __init__(self, selinuxdir="/etc/selinux", type="targeted", usepwd=1):
+ self.semanageHandle=semanage_handle_create()
+ self.semanaged=semanage_is_managed(self.semanageHandle)
+ if self.semanaged:
+ semanage_connect(self.semanageHandle)
+ (status, self.ulist, self.usize) = semanage_user_list(self.semanageHandle)
self.type=type
self.selinuxdir=selinuxdir +"/"
self.contextdir="/contexts"
@@ -313,47 +142,73 @@
errorExit(string.join("sed error ", rc[1])) errorExit(string.join("sed error ", rc[1]))
def getUsersFile(self): def getUsersFile(self):
- return self.selinuxdir+self.type+"/users/local.users" - return self.selinuxdir+self.type+"/users/local.users"
+ if self.semanaged:
+ return self.selinuxdir+self.type+"module/active/seusers"
+ else:
+ return self.selinuxdir+self.type+"/seusers" + return self.selinuxdir+self.type+"/seusers"
- def getSystemUsersFile(self): - def getSystemUsersFile(self):
@ -218,56 +236,97 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
def heading(self): def heading(self):
ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0] ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]
ret += "# edit %s to change file_context\n#\n#\n" % self.getUsersFile() ret += "# edit %s to change file_context\n#\n#\n" % self.getUsersFile()
@@ -325,10 +145,7 @@ return ret
+
+ def defaultrole(self, name):
+ for idx in range(self.usize):
+ user = semanage_user_by_idx(self.ulist, idx)
+ if semanage_user_get_name(user) == name:
+ role=semanage_user_get_defrole(user)
+ if role=="system_r":
+ # targeted policy
+ return "user_r"
+ else:
+ return role
+ return name
+ def adduser(self, udict, user, seuser, role, range):
+ try:
+ if seuser == "user_u" or user == "__default__":
+ return
+ # !!! chooses first role in the list to use in the file context !!!
+ if role[-2:] == "_r" or role[-2:] == "_u":
+ role = role[:-2]
+ home = pwd.getpwnam(user)[5]
+ if home == "/":
+ return
+ prefs = {}
+ prefs["role"] = role
+ prefs["home"] = home
+ udict[seuser] = prefs
+ except KeyError:
+ sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user)
+
def getUsers(self): def getUsers(self):
users="" - users=""
- rc = commands.getstatusoutput('grep "^user" %s' % self.getSystemUsersFile()) - rc = commands.getstatusoutput('grep "^user" %s' % self.getSystemUsersFile())
- if rc[0] == 0: - if rc[0] == 0:
- users+=rc[1]+"\n" - users+=rc[1]+"\n"
- rc = commands.getstatusoutput("grep ^user %s" % self.getUsersFile()) - rc = commands.getstatusoutput("grep ^user %s" % self.getUsersFile())
+ rc = commands.getstatusoutput("grep -v '^ *#' %s" % self.getUsersFile()) - if rc[0] == 0:
if rc[0] == 0: - users+=rc[1]
users+=rc[1]
udict = {} udict = {}
@@ -336,24 +153,27 @@ - prefs = {}
if users != "": - if users != "":
ulist = users.split("\n") - ulist = users.split("\n")
+ if self.semanaged:
+ (status, list, lsize) = semanage_seuser_list(self.semanageHandle)
+ for idx in range(lsize):
+ user=[]
+ seuser = semanage_seuser_by_idx(list, idx)
+ seusername=semanage_seuser_get_sename(seuser)
+ self.adduser(udict, semanage_seuser_get_name(seuser), seusername, self.defaultrole(seusername), semanage_seuser_get_mlsrange(seuser))
+
+ else:
+ users=""
+ rc = commands.getstatusoutput("grep -v '^ *#' %s" % self.getUsersFile())
+ if rc[0] == 0 and rc[1] != "":
+ ulist = rc[1].split("\n")
+
for u in ulist: for u in ulist:
- user = u.split() - user = u.split()
+ if len(u)==0: - try:
+ continue
+ user = u.split(":")
try:
- if len(user)==0 or user[1] == "user_u" or user[1] == "system_u": - if len(user)==0 or user[1] == "user_u" or user[1] == "system_u":
+ if len(user)==0 or user[1] == "user_u": - continue
continue - # !!! chooses first role in the list to use in the file context !!!
# !!! chooses first role in the list to use in the file context !!!
- role = user[3] - role = user[3]
- if role == "{": - if role == "{":
- role = user[4] - role = user[4]
- role = role.split("_r")[0] - role = role.split("_r")[0]
- home = pwd.getpwnam(user[1])[5] - home = pwd.getpwnam(user[1])[5]
+ if user[0] == "root": - if home == "/":
+ role="user_u" - continue
+ else: - prefs = {}
+ role = user[1] - prefs["role"] = role
+ role = role.split("_u")[0] - prefs["home"] = home
+ home = pwd.getpwnam(user[0])[5]
if home == "/":
continue
prefs = {}
prefs["role"] = role
prefs["home"] = home
- udict[user[1]] = prefs - udict[user[1]] = prefs
+ udict[user[0]] = prefs - except KeyError:
except KeyError:
- sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user[1]) - sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user[1])
+ sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user[0]) + if len(u)==0:
+ continue
+ user = u.split(":")
+ if len(user) < 3:
+ continue
+ if u[0] == "root":
+ role="user"
+ else:
+ role=u[0]
+ self.adduser(udict, u[0], u[1], role, u[2])
+
return udict return udict
def getHomeDirContext(self, user, home, role): def getHomeDirContext(self, user, home, role):
@@ -362,9 +182,8 @@ @@ -362,9 +217,8 @@
return ret + rc[1] + "\n" return ret + rc[1] + "\n"
def getUserContext(self, user, sel_user, role): def getUserContext(self, user, sel_user, role):
@ -278,7 +337,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
def genHomeDirContext(self): def genHomeDirContext(self):
users = self.getUsers() users = self.getUsers()
@@ -478,10 +297,6 @@ @@ -478,10 +332,6 @@
if type==None: if type==None:
type=getSELinuxType(directory) type=getSELinuxType(directory)
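Review bot: In the non-semanage branch of getUsers, the new loop splits each seusers line into `user` but then indexes the raw string `u`, so `u[0] == "root"` compares a single character and `self.adduser(udict, u[0], u[1], role, u[2])` passes three characters instead of the login, SELinux user and range. Those calls will most likely hit the `KeyError` path in adduser, so every entry is skipped and no user-specific home directory contexts are generated for an unmanaged policy; the fields should be read from the split list, as in `if user[0] == "root":` and `self.adduser(udict, user[0], user[1], role, user[2])`. In the same section, getUsersFile builds the managed path as `self.type+"module/active/seusers"` without the leading `/` that the other branch has in `"/seusers"`, so the path written into the generated heading looks wrong. The results of `semanage_connect` and the `status` from `semanage_user_list` are never checked, and since indentation is lost in this view it is unclear whether `self.ulist` and `self.usize` are set when the policy is not managed, or whether `ulist` is defined when the grep fails; both should be confirmed against the real file.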


@ -1,9 +1,9 @@
%define libsepolver 1.9.39-1 %define libsepolver 1.9.39-1
%define libsemanagever 1.3.52-1 %define libsemanagever 1.3.53-2
Summary: SELinux policy core utilities. Summary: SELinux policy core utilities.
Name: policycoreutils Name: policycoreutils
Version: 1.27.27 Version: 1.27.27
Release: 1 Release: 2
License: GPL License: GPL
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -88,6 +88,9 @@ rm -rf ${RPM_BUILD_ROOT}
%config(noreplace) %{_sysconfdir}/sestatus.conf %config(noreplace) %{_sysconfdir}/sestatus.conf
%changelog %changelog
* Fri Nov 11 2005 Dan Walsh <dwalsh@redhat.com> 1.27.27-2
- Patch genhomedircon to use libsemanage.py stuff
* Wed Nov 9 2005 Dan Walsh <dwalsh@redhat.com> 1.27.27-1 * Wed Nov 9 2005 Dan Walsh <dwalsh@redhat.com> 1.27.27-1
- Update to match NSA - Update to match NSA
* Merged setsebool cleanup patch from Ivan Gyurdiev. * Merged setsebool cleanup patch from Ivan Gyurdiev.