* Fri Nov 11 2005 Dan Walsh <dwalsh@redhat.com> 1.27.27-2

- Patch genhomedircon to use libsemanage.py stuff
2005-11-11 20:13:44 +00:00 · 2005-11-11 20:13:44 +00:00 · 6c7ca7b42a
commit 6c7ca7b42a
parent d14b8688f8
2 changed files with 101 additions and 39 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1,7 +1,7 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.26/scripts/genhomedircon
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.27.27/scripts/genhomedircon
 --- nsapolicycoreutils/scripts/genhomedircon	2005-09-12 16:33:30.000000000 -0400
-+++ policycoreutils-1.27.26/scripts/genhomedircon	2005-11-09 17:42:11.000000000 -0500
-@@ -15,30 +15,16 @@
+++ policycoreutils-1.27.27/scripts/genhomedircon	2005-11-11 15:11:37.000000000 -0500
+@@ -15,32 +15,19 @@
 # The file CONTEXTDIR/files/homedir_template exists.  This file is used to
 # set up the home directory context for each real user.
 # 
@ -34,8 +34,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
 -#
 
 import commands, sys, os, pwd, string, getopt, re
+from semanage import *;
 
-@@ -67,169 +53,6 @@
+ EXCLUDE_LOGINS=["/sbin/nologin", "/bin/false"]
+ 
+@@ -67,169 +54,6 @@
 		starting_uid = 500
 	return starting_uid
 
@ -205,12 +208,27 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
 def getDefaultHomeDir():
 	ret = []
 	rc=commands.getstatusoutput("grep -h '^HOME' /etc/default/useradd")
-@@ -313,11 +136,8 @@
+@@ -287,6 +111,11 @@
+ 
+ class selinuxConfig:
+ 	def __init__(self, selinuxdir="/etc/selinux", type="targeted", usepwd=1):
+		self.semanageHandle=semanage_handle_create()
+		self.semanaged=semanage_is_managed(self.semanageHandle)
+		if self.semanaged:
+			semanage_connect(self.semanageHandle)
+			(status, self.ulist, self.usize) = semanage_user_list(self.semanageHandle)
+ 		self.type=type
+ 		self.selinuxdir=selinuxdir +"/"
+ 		self.contextdir="/contexts"
+@@ -313,47 +142,73 @@
 			errorExit(string.join("sed error ", rc[1]))
 
 	def getUsersFile(self):
 -		return self.selinuxdir+self.type+"/users/local.users"
-+		return self.selinuxdir+self.type+"/seusers"
+		if self.semanaged:
+			return self.selinuxdir+self.type+"module/active/seusers"
+		else:
+			return self.selinuxdir+self.type+"/seusers"
 
 -	def getSystemUsersFile(self):
 -		return self.selinuxdir+self.type+"/users/system.users"
@ -218,56 +236,97 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
 	def heading(self):
 		ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]
 		ret += "# edit %s to change file_context\n#\n#\n" % self.getUsersFile()
-@@ -325,10 +145,7 @@
+ 		return ret
 
+
+	def defaultrole(self, name):
+		for idx in range(self.usize):
+			user = semanage_user_by_idx(self.ulist, idx)
+			if semanage_user_get_name(user) == name:
+				role=semanage_user_get_defrole(user)
+				if role=="system_r":
+					# targeted policy
+					return "user_r"
+				else:
+					return  role
+		return name
+	def adduser(self, udict, user, seuser, role, range):
+		try:
+			if seuser == "user_u" or user == "__default__":
+				return
+			# !!! chooses first role in the list to use in the file context !!!
+			if role[-2:] == "_r" or role[-2:] == "_u":
+				role = role[:-2]
+			home = pwd.getpwnam(user)[5]
+			if home == "/":
+				return
+			prefs = {}
+			prefs["role"] = role
+			prefs["home"] = home
+			udict[seuser] = prefs
+		except KeyError:
+			sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user)
+
 	def getUsers(self):
- 		users=""
+-		users=""
 -		rc = commands.getstatusoutput('grep "^user" %s' % self.getSystemUsersFile())
 -		if rc[0] == 0:
 -			users+=rc[1]+"\n"
 -		rc = commands.getstatusoutput("grep ^user %s" % self.getUsersFile())
-+		rc = commands.getstatusoutput("grep -v '^ *#' %s" % self.getUsersFile())
- 		if rc[0] == 0:
- 			users+=rc[1]
+-		if rc[0] == 0:
+-			users+=rc[1]
 		udict = {}
-@@ -336,24 +153,27 @@
- 		if users != "":
- 			ulist = users.split("\n")
+-		prefs = {}
+-		if users != "":
+-			ulist = users.split("\n")
+		if self.semanaged:
+			(status, list, lsize) = semanage_seuser_list(self.semanageHandle)
+			for idx in range(lsize):
+				user=[]
+				seuser = semanage_seuser_by_idx(list, idx)
+				seusername=semanage_seuser_get_sename(seuser)
+				self.adduser(udict, semanage_seuser_get_name(seuser), seusername, self.defaultrole(seusername), semanage_seuser_get_mlsrange(seuser))
+				
+		else:
+			users=""
+			rc = commands.getstatusoutput("grep -v '^ *#' %s" % self.getUsersFile())
+			if rc[0] == 0 and rc[1] != "":
+				ulist = rc[1].split("\n")
+				
 			for u in ulist:
 -				user = u.split()
-+				if len(u)==0:
-+					continue
-+				user = u.split(":")
- 				try:
+-				try:
 -					if len(user)==0 or user[1] == "user_u" or user[1] == "system_u":
-+					if len(user)==0 or user[1] == "user_u":
- 						continue
- 					# !!! chooses first role in the list to use in the file context !!!
+-						continue
+-					# !!! chooses first role in the list to use in the file context !!!
 -					role = user[3]
 -					if role == "{":
 -						role = user[4]
 -					role = role.split("_r")[0]
 -					home = pwd.getpwnam(user[1])[5]
-+					if user[0] == "root":
-+						role="user_u"
-+					else:
-+						role = user[1]
-+					role = role.split("_u")[0]
-+					home = pwd.getpwnam(user[0])[5]
- 					if home == "/":
- 						continue
- 					prefs = {}
- 					prefs["role"] = role
- 					prefs["home"] = home
+-					if home == "/":
+-						continue
+-					prefs = {}
+-					prefs["role"] = role
+-					prefs["home"] = home
 -					udict[user[1]] = prefs
-+					udict[user[0]] = prefs
- 				except KeyError:
+-				except KeyError:
 -					sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user[1])
-+					sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user[0])
+				if len(u)==0:
+					continue
+				user = u.split(":")
+				if len(user) < 3:
+					continue
+				if u[0] == "root":
+					role="user"
+				else:
+					role=u[0]
+				self.adduser(udict, u[0], u[1], role, u[2])
+				
 		return udict
 
 	def getHomeDirContext(self, user, home, role):
-@@ -362,9 +182,8 @@
+@@ -362,9 +217,8 @@
 		return ret + rc[1] + "\n"
 
 	def getUserContext(self, user, sel_user, role):
@ -278,7 +337,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
 
 	def genHomeDirContext(self):
 		users = self.getUsers()
-@@ -478,10 +297,6 @@
+@@ -478,10 +332,6 @@
 	if type==None:
 		type=getSELinuxType(directory)
 
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -1,9 +1,9 @@
 %define libsepolver 1.9.39-1
-%define libsemanagever 1.3.52-1
+%define libsemanagever 1.3.53-2
 Summary: SELinux policy core utilities.
 Name: policycoreutils
 Version: 1.27.27
-Release: 1
+Release: 2
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -88,6 +88,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %config(noreplace) %{_sysconfdir}/sestatus.conf

 %changelog
+* Fri Nov 11 2005 Dan Walsh <dwalsh@redhat.com> 1.27.27-2
+- Patch genhomedircon to use libsemanage.py stuff
+
 * Wed Nov 9 2005 Dan Walsh <dwalsh@redhat.com> 1.27.27-1
 - Update to match NSA
 	* Merged setsebool cleanup patch from Ivan Gyurdiev.