rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Sat Jan 14 2006 Dan Walsh <dwalsh@redhat.com> 1.29.7-3

Browse Source 
- Add check for root for semanage, genhomedircon
This commit is contained in:
Daniel J Walsh 2006-01-15 15:31:28 +00:00
parent a482441cd0
commit b53e6f7552
1 changed files with 346 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

368
policycoreutils-rhat.patch
View File

@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.7/scripts/genhomedircon diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.7/scripts/genhomedircon
--- nsapolicycoreutils/scripts/genhomedircon 2006-01-13 09:47:40.000000000 -0500 --- nsapolicycoreutils/scripts/genhomedircon 2006-01-13 09:47:40.000000000 -0500
+++ policycoreutils-1.29.7/scripts/genhomedircon 2006-01-14 08:39:02.000000000 -0500 +++ policycoreutils-1.29.7/scripts/genhomedircon 2006-01-15 08:42:38.000000000 -0500
@@ -327,6 +327,9 @@ @@ -327,6 +327,9 @@
sys.stderr.write("%s: %s\n" % ( sys.argv[0], error )) sys.stderr.write("%s: %s\n" % ( sys.argv[0], error ))
@ -13,8 +13,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po
# This script will generate home dir file context # This script will generate home dir file context
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.7/semanage/semanage diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.7/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2006-01-13 09:47:40.000000000 -0500 --- nsapolicycoreutils/semanage/semanage 2006-01-13 09:47:40.000000000 -0500
+++ policycoreutils-1.29.7/semanage/semanage 2006-01-14 08:38:35.000000000 -0500 +++ policycoreutils-1.29.7/semanage/semanage 2006-01-15 09:04:05.000000000 -0500
@@ -20,10 +20,13 @@ @@ -20,23 +20,27 @@
# 02111-1307 USA # 02111-1307 USA
# #
# #
@ -29,7 +29,83 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
def usage(message = ""): def usage(message = ""):
print '\ print '\
@@ -210,8 +214,13 @@ -semanage user [-admsRrh] SELINUX_USER\n\
-semanage login [-admsrh] LOGIN_NAME\n\
-semanage port [-admth] PORT | PORTRANGE\n\
-semanage interface [-admth] INTERFACE\n\
-semanage fcontext [-admhfst] INTERFACE\n\
+semanage user [-admLRr] SELINUX_USER\n\
+semanage login [-admsr] LOGIN_NAME\n\
+semanage port [-admtpr] PORT | PORTRANGE\n\
+semanage interface [-admtr] INTERFACE\n\
+semanage fcontext [-admhfrst] INTERFACE\n\
-a, --add Add a OBJECT record NAME\n\
-d, --delete Delete a OBJECT record NAME\n\
-f, --ftype File Type of OBJECT \n\
-h, --help display this message\n\
-l, --list List the OBJECTS\n\
+ -L, --level Default SELinux Level\n\
-n, --noheading Do not print heading when listing OBJECTS\n\
-m, --modify Modify a OBJECT record NAME\n\
-r, --range MLS/MCS Security Range\n\
@@ -84,7 +88,7 @@
args = sys.argv[2:]
gopts, cmds = getopt.getopt(args,
- 'adf:lhmnp:P:s:R:r:t:v',
+ 'adf:lhmnp:P:s:R:L:r:t:v',
['add',
'delete',
'ftype=',
@@ -96,6 +100,7 @@
'proto=',
'seuser=',
'range=',
+ 'level=',
'roles=',
'type=',
'verbose'
@@ -106,7 +111,7 @@
usage()
add = 1
- if o == "-d" or o == "--delese":
+ if o == "-d" or o == "--delete":
if modify or add:
usage()
delete = 1
@@ -126,21 +131,24 @@
if o == "-r" or o == '--range':
serange = a
+ if o == "-l" or o == "--list":
+ list = 1
+
+ if o == "-L" or o == '--level':
+ selevel = a
+
if o == "-P" or o == '--proto':
proto = a
if o == "-R" or o == '--roles':
roles = a
- if o == "-t" or o == "--type":
- setype = a
-
- if o == "-l" or o == "--list":
- list = 1
-
if o == "-s" or o == "--seuser":
seuser = a
+ if o == "-t" or o == "--type":
+ setype = a
+
if o == "-v" or o == "--verbose":
verbose = 1
@@ -210,8 +218,13 @@
if delete: if delete:
if object == "port": if object == "port":
OBJECT.delete(target, proto) OBJECT.delete(target, proto)
@ -43,10 +119,165 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy
sys.exit(0); sys.exit(0);
usage() usage()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.29.7/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2005-11-29 10:55:01.000000000 -0500
+++ policycoreutils-1.29.7/semanage/semanage.8 2006-01-15 09:04:56.000000000 -0500
@@ -3,55 +3,71 @@
semanage \- SELinux Policy Management tool
.SH "SYNOPSIS"
-.B semanage OBJECTTYPE [\-admsrh] OBJECT
-.B semanage login [\-admsrh] login_name
+.B semanage {login|user|port|interface|fcontext} \-l
.br
-.B semanage seuser [\-admsrh] selinux_name
+.B semanage login \-{a|d|m} [\-sr] login_name
.br
-.B semanage port [\-admth] port_number
+.B semanage user \-{a|d|m} [\-LrR] selinux_name
+.br
+.B semanage port \-{a|d|m} [\-tp] port_number
+.br
+.B semanage interface \-{a|d|m} [\-tr] interface_spec
+.br
+.B semanage fcontext \-{a|d|m} [\-frst] file_spec
.P
-This tool is used to manage configuration of the SELinux policy
+
+This tool is used to configure SELinux policy
.SH "DESCRIPTION"
This manual page describes the
.BR semanage
program.
.br
-This tool is used to manage configuration of SELinux Policy. You can configure SELinux User Mappings, SELinux Port Mappings, SELinux Users.
-
+This tool is used to configure SELinux Policy. You can configure SELinux User Mappings, SELinux Port Mappings, SELinux Users. File Context and Network Interfaces.
.SH "OPTIONS"
-.TP
- \-a, \-\-add
-.P
+.TP
+.I \-a, \-\-add
Add a OBJECT record NAME
-.B \-d, \-\-delete
-.P
+.TP
+.I \-d, \-\-delete
Delete a OBJECT record NAME
-.B \-h, \-\-help
-.P
+.TP
+.I \-h, \-\-help
display this message
-.B \-l, \-\-list
-.P
+.TP
+.I \-f, \-\-ftype
+File Type. This is used with fcontext.
+Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
+.TP
+.I \-l, \-\-list
List the OBJECTS
-.B \-m, \-\-modify
-.P
+.TP
+.I \-L, \-\-level
+Default SELinux Level for SELinux use. (s0)
+.TP
+.I \-m, \-\-modify
Modify a OBJECT record NAME
-.B \-r, \-\-range
-.P
+.TP
+.I \-p, \-\-proto
+Protocol for the specified port (tcp|udp).
+.TP
+.I \-R, \-\-role
+SELinux Roles (Separate by spaces)
+.TP
+.I \-r, \-\-range
MLS/MCS Security Range
-.B \-s, \-\-seuser
-.P
+.TP
+.I \-s, \-\-seuser
SELinux user name
-.B \-t, \-\-type
-.P
+.TP
+.I \-t, \-\-type
SELinux Type for the object
-.B \-v, \-\-verbose
-.P
+.TP
+.I \-v, \-\-verbose
verbose output
.SH "AUTHOR"
-This man page was written by Daniel Walsh <dwalsh@redhat.com>.
-
-
+This man page was written by Daniel Walsh <dwalsh@redhat.com> and
+Russell Coker <rcoker@redhat.com>.
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.7/semanage/seobject.py diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.7/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2006-01-13 08:39:11.000000000 -0500 --- nsapolicycoreutils/semanage/seobject.py 2006-01-13 08:39:11.000000000 -0500
+++ policycoreutils-1.29.7/semanage/seobject.py 2006-01-14 01:50:09.000000000 -0500 +++ policycoreutils-1.29.7/semanage/seobject.py 2006-01-15 09:50:28.000000000 -0500
@@ -46,7 +46,7 @@ @@ -21,8 +21,39 @@
#
#
-import pwd, string
+import pwd, string, selinux
from semanage import *;
+
+def translate(raw, prepend=1):
+ if prepend == 1:
+ context="a:b:c:%s" % raw
+ else:
+ context=raw
+ (rc, trans)=selinux.selinux_raw_to_trans_context(context)
+ if rc != 0:
+ return raw
+ if prepend:
+ trans = trans.strip("a:b:c")
+ if trans == "":
+ return raw
+ else:
+ return trans
+
+def untranslate(trans, prepend=1):
+ if prepend == 1:
+ context="a:b:c:%s" % trans
+ else:
+ context=raw
+ (rc, raw)=selinux.selinux_trans_to_raw_context(context)
+ if rc != 0:
+ return trans
+ if prepend:
+ raw = raw.strip("a:b:c")
+ if raw == "":
+ return trans
+ else:
+ return raw
+
class semanageRecords:
def __init__(self):
self.sh = semanage_handle_create()
@@ -37,6 +68,9 @@
def add(self, name, sename, serange):
if serange == "":
serange = "s0"
+ else:
+ serange = untranslate(serange)
+
if sename == "":
sename = "user_u"
@@ -46,7 +80,7 @@
(rc,exists) = semanage_seuser_exists(self.sh, k) (rc,exists) = semanage_seuser_exists(self.sh, k)
if exists: if exists:
@ -55,7 +286,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
try: try:
pwd.getpwnam(name) pwd.getpwnam(name)
except: except:
@@ -54,40 +54,65 @@ @@ -54,40 +88,65 @@
(rc,u) = semanage_seuser_create(self.sh) (rc,u) = semanage_seuser_create(self.sh)
if rc < 0: if rc < 0:
@ -119,7 +350,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
+ raise ValueError("Could not query seuser for %s" % name) + raise ValueError("Could not query seuser for %s" % name)
if serange != "": if serange != "":
semanage_seuser_set_mlsrange(self.sh, u, serange) - semanage_seuser_set_mlsrange(self.sh, u, serange)
+ semanage_seuser_set_mlsrange(self.sh, u, untranslate(serange))
if sename != "": if sename != "":
semanage_seuser_set_sename(self.sh, u, sename) semanage_seuser_set_sename(self.sh, u, sename)
- semanage_begin_transaction(self.sh) - semanage_begin_transaction(self.sh)
@ -142,7 +374,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
def delete(self, name): def delete(self, name):
(rc,k) = semanage_seuser_key_create(self.sh, name) (rc,k) = semanage_seuser_key_create(self.sh, name)
if rc < 0: if rc < 0:
@@ -95,15 +120,26 @@ @@ -95,15 +154,26 @@
(rc,exists) = semanage_seuser_exists(self.sh, k) (rc,exists) = semanage_seuser_exists(self.sh, k)
if not exists: if not exists:
@ -175,7 +407,29 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
for idx in range(self.usize): for idx in range(self.usize):
u = semanage_seuser_by_idx(self.ulist, idx) u = semanage_seuser_by_idx(self.ulist, idx)
name = semanage_seuser_get_name(u) name = semanage_seuser_get_name(u)
@@ -134,40 +170,59 @@ @@ -117,7 +187,7 @@
keys=dict.keys()
keys.sort()
for k in keys:
- print "%-25s %-25s %-25s" % (k, dict[k][0], dict[k][1])
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
class seluserRecords(semanageRecords):
def __init__(self):
@@ -126,87 +196,134 @@
def add(self, name, roles, selevel, serange):
if serange == "":
serange = "s0"
+ else:
+ serange = untranslate(serange)
+
if selevel == "":
selevel = "s0"
+ else:
+ selevel = untranslate(selevel)
(rc,k) = semanage_user_key_create(self.sh, name)
if rc < 0:
raise ValueError("Could not create a key for %s" % name) raise ValueError("Could not create a key for %s" % name)
(rc,exists) = semanage_user_exists(self.sh, k) (rc,exists) = semanage_user_exists(self.sh, k)
@ -251,7 +505,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
if rc < 0: if rc < 0:
raise ValueError("Could not query user for %s" % name) raise ValueError("Could not query user for %s" % name)
@@ -178,35 +233,57 @@ if serange != "":
- semanage_user_set_mlsrange(self.sh, u, serange)
+ semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
if selevel != "":
- semanage_user_set_mlslevel(self.sh, u, selevel)
+ semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
+
if len(roles) != 0: if len(roles) != 0:
for r in roles: for r in roles:
semanage_user_add_role(self.sh, u, r) semanage_user_add_role(self.sh, u, r)
@ -326,7 +586,33 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
roles = "" roles = ""
if rlist_size: if rlist_size:
@@ -278,62 +355,97 @@ @@ -219,13 +336,13 @@
def list(self, heading=1):
if heading:
- print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/")
- print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
+ print "\n%-15s %-10s %-30s" % ("", "MLS/", "MLS/")
+ print "%-15s %-10s %-30s %s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
dict=self.get_all()
keys=dict.keys()
keys.sort()
for k in keys:
- print "%-15s %-10s %-15s %s" % (k, dict[k][0], dict[k][1], dict[k][2])
+ print "%-15s %-10s %-30s %s" % (k, translate(dict[k][0]), translate(dict[k][1]), dict[k][2])
class portRecords(semanageRecords):
def __init__(self):
@@ -258,6 +375,8 @@
def add(self, port, proto, serange, type):
if serange == "":
serange="s0"
+ else:
+ serange=untranslate(serange)
if type == "":
raise ValueError("Type is required")
@@ -278,62 +397,97 @@
if rc < 0: if rc < 0:
raise ValueError("Could not create context for %s/%s" % (proto, port)) raise ValueError("Could not create context for %s/%s" % (proto, port))
@ -394,7 +680,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
- raise ValueError("Could not get port context for %s/%s" % (proto, port)) - raise ValueError("Could not get port context for %s/%s" % (proto, port))
if serange != "": if serange != "":
semanage_context_set_mls(self.sh, con, serange) - semanage_context_set_mls(self.sh, con, serange)
+ semanage_context_set_mls(self.sh, con, untranslate(serange))
if setype != "": if setype != "":
semanage_context_set_type(self.sh, con, setype) semanage_context_set_type(self.sh, con, setype)
- semanage_begin_transaction(self.sh) - semanage_begin_transaction(self.sh)
@ -456,7 +743,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
for idx in range(self.psize): for idx in range(self.psize):
u = semanage_port_by_idx(self.plist, idx) u = semanage_port_by_idx(self.plist, idx)
con = semanage_port_get_con(u) con = semanage_port_get_con(u)
@@ -375,83 +487,122 @@ @@ -369,89 +523,130 @@
def add(self, interface, serange, type):
if serange == "":
serange="s0"
+ else:
+ serange=untranslate(serange)
if type == "":
raise ValueError("SELinux Type is required")
(rc,k) = semanage_iface_key_create(self.sh, interface) (rc,k) = semanage_iface_key_create(self.sh, interface)
if rc < 0: if rc < 0:
@ -550,7 +845,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
- raise ValueError("Could not get interface context for %s" % interface) - raise ValueError("Could not get interface context for %s" % interface)
if serange != "": if serange != "":
semanage_context_set_mls(self.sh, con, serange) - semanage_context_set_mls(self.sh, con, serange)
+ semanage_context_set_mls(self.sh, con, untranslate(serange))
if setype != "": if setype != "":
semanage_context_set_type(self.sh, con, setype) semanage_context_set_type(self.sh, con, setype)
@ -618,7 +914,24 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
for idx in range(self.psize): for idx in range(self.psize):
interface = semanage_iface_by_idx(self.plist, idx) interface = semanage_iface_by_idx(self.plist, idx)
con = semanage_iface_get_ifcon(interface) con = semanage_iface_get_ifcon(interface)
@@ -501,48 +652,69 @@ @@ -466,7 +661,7 @@
keys=dict.keys()
keys.sort()
for k in keys:
- print "%-30s %s:%s:%s:%s " % (k,dict[k][0], dict[k][1],dict[k][2], dict[k][3])
+ print "%-30s %s:%s:%s:%s " % (k,dict[k][0], dict[k][1],dict[k][2], translate(dict[k][3], False))
class fcontextRecords(semanageRecords):
def __init__(self):
@@ -495,89 +690,127 @@
if serange == "":
serange="s0"
+ else:
+ serange=untranslate(serange)
if type == "":
raise ValueError("SELinux Type is required")
(rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype]) (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype])
if rc < 0: if rc < 0:
@ -708,8 +1021,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
- raise ValueError("Could not get fcontext context for %s" % target) - raise ValueError("Could not get fcontext context for %s" % target)
if serange != "": if serange != "":
semanage_context_set_mls(self.sh, con, serange) - semanage_context_set_mls(self.sh, con, serange)
@@ -551,33 +723,48 @@ + semanage_context_set_mls(self.sh, con, untranslate(serange))
if seuser != "":
semanage_context_set_user(self.sh, con, seuser)
if setype != "": if setype != "":
semanage_context_set_type(self.sh, con, setype) semanage_context_set_type(self.sh, con, setype)
@ -777,7 +1092,16 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
for idx in range(self.psize): for idx in range(self.psize):
fcontext = semanage_fcontext_by_idx(self.plist, idx) fcontext = semanage_fcontext_by_idx(self.plist, idx)
@@ -606,117 +793,82 @@ @@ -598,7 +831,7 @@
keys=dict.keys()
for k in keys:
if dict[k]:
- print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3])
+ print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], translate(dict[k][3],False))
else:
print "%-50s %-18s <<None>>" % (k[0], k[1])
@@ -606,117 +839,82 @@
def __init__(self): def __init__(self):
semanageRecords.__init__(self) semanageRecords.__init__(self)
@ -802,13 +1126,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py pol
- if exists: - if exists:
- raise ValueError("fcontext %s already defined" % target) - raise ValueError("fcontext %s already defined" % target)
- (rc,fcontext) = semanage_fcontext_create(self.sh) - (rc,fcontext) = semanage_fcontext_create(self.sh)
+ (rc,k) = semanage_bool_key_create(self.sh, name) - if rc < 0:
if rc < 0:
- raise ValueError("Could not create fcontext for %s" % target) - raise ValueError("Could not create fcontext for %s" % target)
- -
- rc = semanage_fcontext_set_expr(self.sh, fcontext, target) - rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
- (rc, con) = semanage_context_create(self.sh) - (rc, con) = semanage_context_create(self.sh)
- if rc < 0: + (rc,k) = semanage_bool_key_create(self.sh, name)
if rc < 0:
- raise ValueError("Could not create context for %s" % target) - raise ValueError("Could not create context for %s" % target)
- -
- semanage_context_set_user(self.sh, con, seuser) - semanage_context_set_user(self.sh, con, seuser)