Updated seobject.py
parent
adf7360bca
commit
ad9ae902cf
@ -1,15 +1,15 @@
|
|||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.49/Makefile
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.50/Makefile
|
||||||
--- nsapolicycoreutils/Makefile 2008-06-12 23:25:24.000000000 -0400
|
--- nsapolicycoreutils/Makefile 2008-06-12 23:25:24.000000000 -0400
|
||||||
+++ policycoreutils-2.0.49/Makefile 2008-06-27 07:21:06.000000000 -0400
|
+++ policycoreutils-2.0.50/Makefile 2008-07-01 09:43:28.000000000 -0400
|
||||||
@@ -1,4 +1,4 @@
|
@@ -1,4 +1,4 @@
|
||||||
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
|
||||||
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
|
||||||
|
|
||||||
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
|
||||||
|
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.49/restorecond/restorecond.c
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.50/restorecond/restorecond.c
|
||||||
--- nsapolicycoreutils/restorecond/restorecond.c 2008-06-12 23:25:21.000000000 -0400
|
--- nsapolicycoreutils/restorecond/restorecond.c 2008-06-12 23:25:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.49/restorecond/restorecond.c 2008-06-27 07:21:06.000000000 -0400
|
+++ policycoreutils-2.0.50/restorecond/restorecond.c 2008-07-01 09:43:28.000000000 -0400
|
||||||
@@ -210,9 +210,10 @@
|
@@ -210,9 +210,10 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -36,9 +36,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
|
|||||||
}
|
}
|
||||||
free(scontext);
|
free(scontext);
|
||||||
close(fd);
|
close(fd);
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.49/restorecond/restorecond.init
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.50/restorecond/restorecond.init
|
||||||
--- nsapolicycoreutils/restorecond/restorecond.init 2008-06-12 23:25:21.000000000 -0400
|
--- nsapolicycoreutils/restorecond/restorecond.init 2008-06-12 23:25:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.49/restorecond/restorecond.init 2008-06-27 07:21:06.000000000 -0400
|
+++ policycoreutils-2.0.50/restorecond/restorecond.init 2008-07-01 09:43:28.000000000 -0400
|
||||||
@@ -2,7 +2,7 @@
|
@@ -2,7 +2,7 @@
|
||||||
#
|
#
|
||||||
# restorecond: Daemon used to maintain path file context
|
# restorecond: Daemon used to maintain path file context
|
||||||
@ -48,9 +48,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
|
|||||||
# description: restorecond uses inotify to look for creation of new files \
|
# description: restorecond uses inotify to look for creation of new files \
|
||||||
# listed in the /etc/selinux/restorecond.conf file, and restores the \
|
# listed in the /etc/selinux/restorecond.conf file, and restores the \
|
||||||
# correct security context.
|
# correct security context.
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.49/scripts/fixfiles
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.50/scripts/fixfiles
|
||||||
--- nsapolicycoreutils/scripts/fixfiles 2008-06-12 23:25:21.000000000 -0400
|
--- nsapolicycoreutils/scripts/fixfiles 2008-06-12 23:25:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.49/scripts/fixfiles 2008-06-27 07:21:06.000000000 -0400
|
+++ policycoreutils-2.0.50/scripts/fixfiles 2008-07-01 09:43:28.000000000 -0400
|
||||||
@@ -138,6 +138,9 @@
|
@@ -138,6 +138,9 @@
|
||||||
fi
|
fi
|
||||||
LogReadOnly
|
LogReadOnly
|
||||||
@ -80,9 +80,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
|
|||||||
}
|
}
|
||||||
|
|
||||||
if [ $# = 0 ]; then
|
if [ $# = 0 ]; then
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.49/scripts/fixfiles.8
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.50/scripts/fixfiles.8
|
||||||
--- nsapolicycoreutils/scripts/fixfiles.8 2008-06-12 23:25:21.000000000 -0400
|
--- nsapolicycoreutils/scripts/fixfiles.8 2008-06-12 23:25:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.49/scripts/fixfiles.8 2008-06-27 07:21:06.000000000 -0400
|
+++ policycoreutils-2.0.50/scripts/fixfiles.8 2008-07-01 09:43:28.000000000 -0400
|
||||||
@@ -7,6 +7,8 @@
|
@@ -7,6 +7,8 @@
|
||||||
|
|
||||||
.B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ]
|
.B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ]
|
||||||
@ -102,9 +102,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
|
|||||||
|
|
||||||
.SH "OPTIONS"
|
.SH "OPTIONS"
|
||||||
.TP
|
.TP
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.49/semanage/semanage
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.50/semanage/semanage
|
||||||
--- nsapolicycoreutils/semanage/semanage 2008-06-12 23:25:21.000000000 -0400
|
--- nsapolicycoreutils/semanage/semanage 2008-06-12 23:25:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.49/semanage/semanage 2008-06-27 07:21:06.000000000 -0400
|
+++ policycoreutils-2.0.50/semanage/semanage 2008-07-01 09:43:28.000000000 -0400
|
||||||
@@ -43,49 +43,52 @@
|
@@ -43,49 +43,52 @@
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
|
|
||||||
@ -230,9 +230,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
|
|||||||
sys.exit(0);
|
sys.exit(0);
|
||||||
|
|
||||||
if modify:
|
if modify:
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.49/semanage/semanage.8
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.50/semanage/semanage.8
|
||||||
--- nsapolicycoreutils/semanage/semanage.8 2008-06-12 23:25:21.000000000 -0400
|
--- nsapolicycoreutils/semanage/semanage.8 2008-06-12 23:25:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.49/semanage/semanage.8 2008-06-27 07:21:06.000000000 -0400
|
+++ policycoreutils-2.0.50/semanage/semanage.8 2008-07-01 09:43:28.000000000 -0400
|
||||||
@@ -17,6 +17,8 @@
|
@@ -17,6 +17,8 @@
|
||||||
.br
|
.br
|
||||||
.B semanage fcontext \-{a|d|m} [\-frst] file_spec
|
.B semanage fcontext \-{a|d|m} [\-frst] file_spec
|
||||||
@ -255,9 +255,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
|
|||||||
Russell Coker <rcoker@redhat.com>.
|
Russell Coker <rcoker@redhat.com>.
|
||||||
Examples by Thomas Bleher <ThomasBleher@gmx.de>.
|
Examples by Thomas Bleher <ThomasBleher@gmx.de>.
|
||||||
-
|
-
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.49/semanage/seobject.py
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.12 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.50/semanage/seobject.py
|
||||||
--- nsapolicycoreutils/semanage/seobject.py 2008-06-12 23:25:21.000000000 -0400
|
--- nsapolicycoreutils/semanage/seobject.py 2008-06-12 23:25:21.000000000 -0400
|
||||||
+++ policycoreutils-2.0.49/semanage/seobject.py 2008-06-27 07:21:06.000000000 -0400
|
+++ policycoreutils-2.0.50/semanage/seobject.py 2008-07-01 09:43:52.000000000 -0400
|
||||||
@@ -1,5 +1,5 @@
|
@@ -1,5 +1,5 @@
|
||||||
#! /usr/bin/python -E
|
#! /usr/bin/python -E
|
||||||
-# Copyright (C) 2005, 2006, 2007 Red Hat
|
-# Copyright (C) 2005, 2006, 2007 Red Hat
|
||||||
@ -275,7 +275,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
|
|||||||
import gettext
|
import gettext
|
||||||
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
|
||||||
gettext.textdomain(PROGNAME)
|
gettext.textdomain(PROGNAME)
|
||||||
@@ -246,7 +248,67 @@
|
@@ -246,7 +248,98 @@
|
||||||
os.close(fd)
|
os.close(fd)
|
||||||
os.rename(newfilename, self.filename)
|
os.rename(newfilename, self.filename)
|
||||||
os.system("/sbin/service mcstrans reload > /dev/null")
|
os.system("/sbin/service mcstrans reload > /dev/null")
|
||||||
@ -284,6 +284,28 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
|
|||||||
+class permissiveRecords:
|
+class permissiveRecords:
|
||||||
+ def __init__(self, store):
|
+ def __init__(self, store):
|
||||||
+ self.store = store
|
+ self.store = store
|
||||||
|
+ self.sh = semanage_handle_create()
|
||||||
|
+ if not self.sh:
|
||||||
|
+ raise ValueError(_("Could not create semanage handle"))
|
||||||
|
+
|
||||||
|
+ if store != "":
|
||||||
|
+ semanage_select_store(self.sh, store, SEMANAGE_CON_DIRECT);
|
||||||
|
+
|
||||||
|
+ self.semanaged = semanage_is_managed(self.sh)
|
||||||
|
+
|
||||||
|
+ if not self.semanaged:
|
||||||
|
+ semanage_handle_destroy(self.sh)
|
||||||
|
+ raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
|
||||||
|
+
|
||||||
|
+ rc = semanage_access_check(self.sh)
|
||||||
|
+ if rc < SEMANAGE_CAN_READ:
|
||||||
|
+ semanage_handle_destroy(self.sh)
|
||||||
|
+ raise ValueError(_("Cannot read policy store."))
|
||||||
|
+
|
||||||
|
+ rc = semanage_connect(self.sh)
|
||||||
|
+ if rc < 0:
|
||||||
|
+ semanage_handle_destroy(self.sh)
|
||||||
|
+ raise ValueError(_("Could not establish semanage connection"))
|
||||||
+
|
+
|
||||||
+ def get_all(self):
|
+ def get_all(self):
|
||||||
+ rc, out = commands.getstatusoutput("semodule -l | grep ^permissive");
|
+ rc, out = commands.getstatusoutput("semodule -l | grep ^permissive");
|
||||||
@ -319,8 +341,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
|
|||||||
+ fd.close()
|
+ fd.close()
|
||||||
+ mc = module.ModuleCompiler()
|
+ mc = module.ModuleCompiler()
|
||||||
+ mc.create_module_package(filename, 1)
|
+ mc.create_module_package(filename, 1)
|
||||||
+ rc, out = commands.getstatusoutput("semodule -i permissive_%s.pp" % type);
|
+ fd = open("permissive_%s.pp" % type)
|
||||||
+ for root, dirs, files in os.walk("top", topdown=False):
|
+ data = fd.read()
|
||||||
|
+ fd.close()
|
||||||
|
+
|
||||||
|
+ rc = semanage_module_install(self.sh, data, len(data));
|
||||||
|
+ rc = semanage_commit(self.sh)
|
||||||
|
+ if rc < 0:
|
||||||
|
+ raise ValueError(_("Could not set permissive domain %s") % name)
|
||||||
|
+ for root, dirs, files in os.walk("tmp", topdown=False):
|
||||||
+ for name in files:
|
+ for name in files:
|
||||||
+ os.remove(os.path.join(root, name))
|
+ os.remove(os.path.join(root, name))
|
||||||
+ for name in dirs:
|
+ for name in dirs:
|
||||||
@ -331,9 +360,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
|
|||||||
+
|
+
|
||||||
+
|
+
|
||||||
+ def delete(self, name):
|
+ def delete(self, name):
|
||||||
+ rc, out = commands.getstatusoutput("semodule -r permissive_%s" % name );
|
+ for i in name.split
|
||||||
+ if rc != 0:
|
+ rc = semanage_module_remove(self.sh, "permissive_%s" % name)
|
||||||
+ raise ValueError(out)
|
+ rc = semanage_commit(self.sh)
|
||||||
|
+ if rc < 0:
|
||||||
|
+ raise ValueError(_("Could not remove permissive domain %s") % name)
|
||||||
+
|
+
|
||||||
+ def deleteall(self):
|
+ def deleteall(self):
|
||||||
+ l = self.get_all()
|
+ l = self.get_all()
|
||||||
@ -344,7 +375,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.11 --exclude=gui --exclude=po
|
|||||||
class semanageRecords:
|
class semanageRecords:
|
||||||
def __init__(self, store):
|
def __init__(self, store):
|
||||||
self.sh = semanage_handle_create()
|
self.sh = semanage_handle_create()
|
||||||
@@ -464,7 +526,7 @@
|
@@ -464,7 +557,7 @@
|
||||||
def __init__(self, store = ""):
|
def __init__(self, store = ""):
|
||||||
semanageRecords.__init__(self, store)
|
semanageRecords.__init__(self, store)
|
||||||
|
|
||||||
|
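Review bot: In `permissiveRecords.delete` the new line `for i in name.split` is, as rendered here, not valid Python (no call parentheses, no colon), and the lines after it still format `name` rather than the loop variable, so seobject.py would fail to import or, once the syntax is fixed, would not remove the individual module names. In both `delete` and the install path, the result of `semanage_module_remove` / `semanage_module_install` is overwritten by `rc = semanage_commit(self.sh)` without being checked, so a failed removal followed by a clean commit would report success while the domain stays permissive. The install path also opens `"permissive_%s.pp" % type` and walks `"tmp"` relative to the current directory, which for a tool that is presumably run with privilege is better pinned to a private temporary directory, and its error message formats `name` although the module file is built from `type`. The install method starts outside the visible lines, so the sketch below covers `delete` only and assumes the loop is meant to iterate over whitespace-separated names.

```python
def delete(self, name):
    for n in name.split():
        rc = semanage_module_remove(self.sh, "permissive_%s" % n)
        if rc < 0:
            raise ValueError(_("Could not remove permissive domain %s") % n)
    # ... unchanged: semanage_commit(self.sh) and its rc < 0 check ...
```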