* Thu Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.29.4-1
- Update to match NSA * Merged genhomedircon and semanage patch from Dan Walsh. * Changed semodule error reporting to include argv[0].
parent
f0d6d7561d
commit
cdca00d223
@ -77,3 +77,5 @@ policycoreutils-1.28.tgz
|
||||
policycoreutils-1.29.1.tgz
|
||||
policycoreutils-1.29.2.tgz
|
||||
policycoreutils-1.29.3.tgz
|
||||
policycoreutils-1.29.4.tgz
|
||||
policycoreutils-1.29.5.tgz
|
||||
|
@ -1,225 +1,375 @@
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.3/scripts/genhomedircon
|
||||
--- nsapolicycoreutils/scripts/genhomedircon 2006-01-04 13:07:46.000000000 -0500
|
||||
+++ policycoreutils-1.29.3/scripts/genhomedircon 2006-01-04 13:17:35.000000000 -0500
|
||||
@@ -220,8 +220,9 @@
|
||||
if len(u)==0 or u[0]=="#":
|
||||
continue
|
||||
user = u.split(":")
|
||||
- if len(user) < 3:
|
||||
+ if len(user) < 2:
|
||||
continue
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.4/semanage/semanage
|
||||
--- nsapolicycoreutils/semanage/semanage 2006-01-05 10:35:49.000000000 -0500
|
||||
+++ policycoreutils-1.29.4/semanage/semanage 2006-01-05 16:27:42.000000000 -0500
|
||||
@@ -20,15 +20,20 @@
|
||||
# 02111-1307 USA
|
||||
#
|
||||
#
|
||||
+
|
||||
role=self.getOldRole(user[1])
|
||||
self.adduser(udict, user[0], user[1], role)
|
||||
fd.close()
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.3/semanage/semanage
|
||||
--- nsapolicycoreutils/semanage/semanage 2006-01-04 13:07:46.000000000 -0500
|
||||
+++ policycoreutils-1.29.3/semanage/semanage 2006-01-04 13:17:35.000000000 -0500
|
||||
@@ -36,7 +36,7 @@
|
||||
sename = "user_u"
|
||||
import commands, sys, os, pwd, string, getopt, pwd
|
||||
from semanage import *;
|
||||
-class loginRecords:
|
||||
+class semanageRecords:
|
||||
def __init__(self):
|
||||
self.sh = semanage_handle_create()
|
||||
self.semanaged = semanage_is_managed(self.sh)
|
||||
if self.semanaged:
|
||||
semanage_connect(self.sh)
|
||||
|
||||
(rc,k) = semanage_seuser_key_create(self.sh, name)
|
||||
- if rc != 0:
|
||||
+ if rc < 0:
|
||||
raise ValueError("Could not create a key for %s" % name)
|
||||
|
||||
(rc,exists) = semanage_seuser_exists(self.sh, k)
|
||||
@@ -48,7 +48,7 @@
|
||||
raise ValueError("Linux User %s does not exist" % name)
|
||||
|
||||
(rc,u) = semanage_seuser_create(self.sh)
|
||||
- if rc != 0:
|
||||
+ if rc < 0:
|
||||
raise ValueError("Could not create seuser for %s" % name)
|
||||
|
||||
semanage_seuser_set_name(self.sh, u, name)
|
||||
@@ -56,12 +56,12 @@
|
||||
semanage_seuser_set_sename(self.sh, u, sename)
|
||||
semanage_begin_transaction(self.sh)
|
||||
semanage_seuser_add(self.sh, k, u)
|
||||
- if semanage_commit(self.sh) != 0:
|
||||
+ if semanage_commit(self.sh) < 0:
|
||||
raise ValueError("Failed to add SELinux user mapping")
|
||||
|
||||
def modify(self, name, sename = "", serange = ""):
|
||||
(rc,k) = semanage_seuser_key_create(self.sh, name)
|
||||
- if rc != 0:
|
||||
+ if rc < 0:
|
||||
raise ValueError("Could not create a key for %s" % name)
|
||||
|
||||
if sename == "" and serange == "":
|
||||
@@ -70,7 +70,7 @@
|
||||
(rc,exists) = semanage_seuser_exists(self.sh, k)
|
||||
if exists:
|
||||
(rc,u) = semanage_seuser_query(self.sh, k)
|
||||
- if rc != 0:
|
||||
+ if rc < 0:
|
||||
raise ValueError("Could not query seuser for %s" % name)
|
||||
else:
|
||||
raise ValueError("SELinux user %s mapping is not defined." % name)
|
||||
@@ -81,13 +81,13 @@
|
||||
+class loginRecords(semanageRecords):
|
||||
+ def __init__(self):
|
||||
+ semanageRecords.__init__(self)
|
||||
+
|
||||
def add(self, name, sename, serange):
|
||||
if serange == "":
|
||||
serange = "s0"
|
||||
@@ -80,7 +85,7 @@
|
||||
if sename != "":
|
||||
semanage_seuser_set_sename(self.sh, u, sename)
|
||||
semanage_begin_transaction(self.sh)
|
||||
semanage_seuser_modify(self.sh, k, u)
|
||||
- if semanage_commit(self.sh) != 0:
|
||||
+ if semanage_commit(self.sh) < 0:
|
||||
- semanage_seuser_modify(self.sh, k, u)
|
||||
+ semanage_seuser_modify_local(self.sh, k, u)
|
||||
if semanage_commit(self.sh) < 0:
|
||||
raise ValueError("Failed to modify SELinux user mapping")
|
||||
|
||||
@@ -107,13 +112,9 @@
|
||||
name = semanage_seuser_get_name(u)
|
||||
print "%-25s %-25s %-25s" % (name, semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
|
||||
|
||||
def delete(self, name):
|
||||
(rc,k) = semanage_seuser_key_create(self.sh, name)
|
||||
- if rc != 0:
|
||||
+ if rc < 0:
|
||||
-class seluserRecords:
|
||||
+class seluserRecords(semanageRecords):
|
||||
def __init__(self):
|
||||
- roles = []
|
||||
- self.sh = semanage_handle_create()
|
||||
- self.semanaged = semanage_is_managed(self.sh)
|
||||
- if self.semanaged:
|
||||
- semanage_connect(self.sh)
|
||||
+ semanageRecords.__init__(self)
|
||||
|
||||
def add(self, name, roles, selevel, serange):
|
||||
if serange == "":
|
||||
@@ -125,11 +126,9 @@
|
||||
if rc < 0:
|
||||
raise ValueError("Could not create a key for %s" % name)
|
||||
|
||||
(rc,exists) = semanage_seuser_exists(self.sh, k)
|
||||
@@ -95,7 +95,7 @@
|
||||
raise ValueError("SELinux user %s mapping is not defined." % name)
|
||||
semanage_begin_transaction(self.sh)
|
||||
semanage_seuser_del(self.sh, k)
|
||||
- if semanage_commit(self.sh) != 0:
|
||||
+ if semanage_commit(self.sh) < 0:
|
||||
raise ValueError("SELinux User %s mapping not defined" % name)
|
||||
|
||||
def list(self,heading=1):
|
||||
@@ -122,7 +122,7 @@
|
||||
selevel = "s0"
|
||||
|
||||
(rc,k) = semanage_user_key_create(self.sh, name)
|
||||
- if rc != 0:
|
||||
+ if rc < 0:
|
||||
raise ValueError("Could not create a key for %s" % name)
|
||||
|
||||
(rc,exists) = semanage_user_exists_local(self.sh, k)
|
||||
@@ -132,7 +132,7 @@
|
||||
raise ValueError("SELinux user %s is already defined." % name)
|
||||
- (rc,exists) = semanage_user_exists_local(self.sh, k)
|
||||
+ (rc,exists) = semanage_user_exists(self.sh, k)
|
||||
if not exists:
|
||||
- (rc,exists) = semanage_user_exists(self.sh, k)
|
||||
- if not exists:
|
||||
- raise ValueError("SELinux user %s is already defined." % name)
|
||||
+ raise ValueError("SELinux user %s is already defined." % name)
|
||||
|
||||
(rc,u) = semanage_user_create(self.sh)
|
||||
- if rc != 0:
|
||||
+ if rc < 0:
|
||||
raise ValueError("Could not create login mapping for %s" % name)
|
||||
|
||||
semanage_user_set_name(self.sh, u, name)
|
||||
@@ -141,12 +141,12 @@
|
||||
semanage_user_set_mlsrange(self.sh, u, serange)
|
||||
semanage_user_set_mlslevel(self.sh, u, selevel)
|
||||
(rc,key) = semanage_user_key_extract(self.sh,u)
|
||||
- if rc != 0:
|
||||
+ if rc < 0:
|
||||
raise ValueError("Could not extract key for %s" % name)
|
||||
|
||||
semanage_begin_transaction(self.sh)
|
||||
semanage_user_add_local(self.sh, k, u)
|
||||
- if semanage_commit(self.sh) != 0:
|
||||
+ if semanage_commit(self.sh) < 0:
|
||||
raise ValueError("Failed to add SELinux user")
|
||||
|
||||
def modify(self, name, roles = [], selevel = "", serange = ""):
|
||||
@@ -154,7 +154,7 @@
|
||||
raise ValueError("Requires, roles, level or range")
|
||||
|
||||
(rc,k) = semanage_user_key_create(self.sh, name)
|
||||
- if rc != 0:
|
||||
+ if rc < 0:
|
||||
if rc < 0:
|
||||
@@ -157,15 +156,11 @@
|
||||
if rc < 0:
|
||||
raise ValueError("Could not create a key for %s" % name)
|
||||
|
||||
(rc,exists) = semanage_user_exists_local(self.sh, k)
|
||||
@@ -166,24 +166,24 @@
|
||||
(rc,u) = semanage_user_query(self.sh, k)
|
||||
else:
|
||||
raise ValueError("SELinux user %s mapping is not defined." % name)
|
||||
- if rc != 0:
|
||||
+ if rc < 0:
|
||||
- (rc,exists) = semanage_user_exists_local(self.sh, k)
|
||||
+ (rc,exists) = semanage_user_exists(self.sh, k)
|
||||
if exists:
|
||||
- (rc,u) = semanage_user_query_local(self.sh, k)
|
||||
+ (rc,u) = semanage_user_query(self.sh, k)
|
||||
else:
|
||||
- (rc,exists) = semanage_user_exists(self.sh, k)
|
||||
- if exists:
|
||||
- (rc,u) = semanage_user_query(self.sh, k)
|
||||
- else:
|
||||
- raise ValueError("SELinux user %s mapping is not defined." % name)
|
||||
+ raise ValueError("SELinux user %s mapping is not defined locally." % name)
|
||||
if rc < 0:
|
||||
raise ValueError("Could not query user for %s" % name)
|
||||
|
||||
if serange != "":
|
||||
semanage_user_set_mlsrange(self.sh, u, serange)
|
||||
if selevel != "":
|
||||
semanage_user_set_mlslevel(self.sh, u, selevel)
|
||||
- if len(roles) != 0:
|
||||
+ if len(roles) < 0:
|
||||
for r in roles:
|
||||
semanage_user_add_role(self.sh, u, r)
|
||||
semanage_begin_transaction(self.sh)
|
||||
semanage_user_modify_local(self.sh, k, u)
|
||||
- if semanage_commit(self.sh) != 0:
|
||||
+ if semanage_commit(self.sh) < 0:
|
||||
raise ValueError("Failed to modify SELinux user")
|
||||
|
||||
def delete(self, name):
|
||||
@@ -185,10 +180,14 @@
|
||||
(rc,k) = semanage_user_key_create(self.sh, name)
|
||||
- if rc != 0:
|
||||
+ if rc < 0:
|
||||
if rc < 0:
|
||||
raise ValueError("Could not crpppeate a key for %s" % name)
|
||||
|
||||
(rc,exists) = semanage_user_exists_local(self.sh, k)
|
||||
@@ -191,7 +191,7 @@
|
||||
-
|
||||
- (rc,exists) = semanage_user_exists_local(self.sh, k)
|
||||
+ (rc,exists) = semanage_user_exists(self.sh, k)
|
||||
if not exists:
|
||||
raise ValueError("user %s is not defined" % name)
|
||||
+ else:
|
||||
+ (rc,exists) = semanage_user_exists_local(self.sh, k)
|
||||
+ if not exists:
|
||||
+ raise ValueError("user %s is not defined locally, can not delete " % name)
|
||||
+
|
||||
semanage_begin_transaction(self.sh)
|
||||
semanage_user_del_local(self.sh, k)
|
||||
- if semanage_commit(self.sh) != 0:
|
||||
+ if semanage_commit(self.sh) < 0:
|
||||
raise ValueError("Login User %s not defined" % name)
|
||||
if semanage_commit(self.sh) < 0:
|
||||
@@ -211,12 +210,9 @@
|
||||
roles += " " + char_by_idx(rlist, ridx)
|
||||
print "%-15s %-10s %-15s %s" % (semanage_user_get_name(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles)
|
||||
|
||||
def list(self, heading=1):
|
||||
@@ -238,7 +238,7 @@
|
||||
-class portRecords:
|
||||
+class portRecords(semanageRecords):
|
||||
def __init__(self):
|
||||
- self.sh = semanage_handle_create()
|
||||
- self.semanaged = semanage_is_managed(self.sh)
|
||||
- if self.semanaged:
|
||||
- semanage_connect(self.sh)
|
||||
+ semanageRecords.__init__(self)
|
||||
|
||||
def __genkey(self, port, proto):
|
||||
if proto == "tcp":
|
||||
@@ -236,7 +232,7 @@
|
||||
else:
|
||||
low=string.atoi(ports[0])
|
||||
high=string.atoi(ports[1])
|
||||
|
||||
-
|
||||
+
|
||||
(rc,k) = semanage_port_key_create(self.sh, low, high, proto_d)
|
||||
- if rc != 0:
|
||||
+ if rc < 0:
|
||||
if rc < 0:
|
||||
raise ValueError("Could not create a key for %s/%s" % (proto, port))
|
||||
return ( k, proto_d, low, high )
|
||||
|
||||
@@ -260,13 +260,13 @@
|
||||
raise ValueError("Port %s/%s already defined locally" % (proto, port))
|
||||
@@ -255,10 +251,6 @@
|
||||
if exists:
|
||||
raise ValueError("Port %s/%s already defined" % (proto, port))
|
||||
|
||||
- (rc,exists) = semanage_port_exists_local(self.sh, k)
|
||||
- if exists:
|
||||
- raise ValueError("Port %s/%s already defined locally" % (proto, port))
|
||||
-
|
||||
(rc,p) = semanage_port_create(self.sh)
|
||||
- if rc != 0:
|
||||
+ if rc < 0:
|
||||
if rc < 0:
|
||||
raise ValueError("Could not create port for %s/%s" % (proto, port))
|
||||
|
||||
semanage_port_set_proto(p, proto_d)
|
||||
semanage_port_set_range(p, low, high)
|
||||
(rc, con) = semanage_context_create(self.sh)
|
||||
- if rc != 0:
|
||||
+ if rc < 0:
|
||||
raise ValueError("Could not create context for %s/%s" % (proto, port))
|
||||
|
||||
semanage_context_set_user(self.sh, con, "system_u")
|
||||
@@ -276,7 +276,7 @@
|
||||
semanage_port_set_con(p, con)
|
||||
@@ -273,8 +265,8 @@
|
||||
semanage_context_set_role(self.sh, con, "object_r")
|
||||
semanage_context_set_type(self.sh, con, type)
|
||||
semanage_context_set_mls(self.sh, con, serange)
|
||||
- semanage_port_set_con(p, con)
|
||||
semanage_begin_transaction(self.sh)
|
||||
+ semanage_port_set_con(p, con)
|
||||
semanage_port_add_local(self.sh, k, p)
|
||||
- if semanage_commit(self.sh) != 0:
|
||||
+ if semanage_commit(self.sh) < 0:
|
||||
if semanage_commit(self.sh) < 0:
|
||||
raise ValueError("Failed to add port")
|
||||
@@ -285,25 +277,23 @@
|
||||
|
||||
def modify(self, port, proto, serange, setype):
|
||||
@@ -294,7 +294,7 @@
|
||||
else:
|
||||
raise ValueError("port %s/%s is not defined." % (proto,port))
|
||||
( k, proto_d, low, high ) = self.__genkey(port, proto)
|
||||
|
||||
- if rc != 0:
|
||||
+ if rc < 0:
|
||||
- (rc,exists) = semanage_port_exists_local(self.sh, k)
|
||||
+ (rc,exists) = semanage_port_exists(self.sh, k)
|
||||
if exists:
|
||||
- (rc,p) = semanage_port_query_local(self.sh, k)
|
||||
- (rc,exists) = semanage_port_exists(self.sh, k)
|
||||
- if exists:
|
||||
- (rc,p) = semanage_port_query(self.sh, k)
|
||||
- else:
|
||||
- raise ValueError("port %s/%s is not defined." % (proto,port))
|
||||
+ (rc,p) = semanage_port_query(self.sh, k)
|
||||
+ else:
|
||||
+ raise ValueError("port %s/%s is not defined." % (proto,port))
|
||||
|
||||
if rc < 0:
|
||||
raise ValueError("Could not query port for %s/%s" % (proto, port))
|
||||
|
||||
con = semanage_port_get_con(p)
|
||||
@@ -306,7 +306,7 @@
|
||||
semanage_port_set_con(p, con)
|
||||
- semanage_context_set_mls(self.sh, con, serange)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not get port context for %s/%s" % (proto, port))
|
||||
+
|
||||
if serange != "":
|
||||
semanage_context_set_mls(self.sh, con, serange)
|
||||
if setype != "":
|
||||
semanage_context_set_type(self.sh, con, setype)
|
||||
- semanage_port_set_con(p, con)
|
||||
semanage_begin_transaction(self.sh)
|
||||
semanage_port_modify_local(self.sh, k, p)
|
||||
- if semanage_commit(self.sh) != 0:
|
||||
+ if semanage_commit(self.sh) < 0:
|
||||
raise ValueError("Failed to add port")
|
||||
if semanage_commit(self.sh) < 0:
|
||||
@@ -311,9 +301,13 @@
|
||||
|
||||
def delete(self, port, proto):
|
||||
@@ -317,7 +317,7 @@
|
||||
( k, proto_d, low, high ) = self.__genkey(port, proto)
|
||||
- (rc,exists) = semanage_port_exists_local(self.sh, k)
|
||||
+ (rc,exists) = semanage_port_exists(self.sh, k)
|
||||
if not exists:
|
||||
- raise ValueError("port %s/%s is not defined localy." % (proto,port))
|
||||
+ raise ValueError("port %s/%s is not defined." % (proto,port))
|
||||
+ else:
|
||||
+ (rc,exists) = semanage_port_exists_local(self.sh, k)
|
||||
+ if not exists:
|
||||
+ raise ValueError("port %s/%s is not defined localy, can not be deleted." % (proto,port))
|
||||
|
||||
semanage_begin_transaction(self.sh)
|
||||
semanage_port_del_local(self.sh, k)
|
||||
- if semanage_commit(self.sh) != 0:
|
||||
+ if semanage_commit(self.sh) < 0:
|
||||
raise ValueError("Port %s/%s not defined" % (proto,port))
|
||||
@@ -338,27 +332,116 @@
|
||||
dict[(name,proto)].append("%d" % low)
|
||||
else:
|
||||
dict[(name,proto)].append("%d-%d" % (low, high))
|
||||
- (status, self.plist, self.psize) = semanage_port_list_local(self.sh)
|
||||
- for idx in range(self.psize):
|
||||
- u = semanage_port_by_idx(self.plist, idx)
|
||||
- con = semanage_port_get_con(u)
|
||||
- name = semanage_context_get_type(con)
|
||||
- proto=semanage_port_get_proto_str(u)
|
||||
- low=semanage_port_get_low(u)
|
||||
- high = semanage_port_get_high(u)
|
||||
- if (name, proto) not in dict.keys():
|
||||
- dict[(name,proto)]=[]
|
||||
- if low == high:
|
||||
- dict[(name,proto)].append("%d" % low)
|
||||
- else:
|
||||
- dict[(name,proto)].append("%d-%d" % (low, high))
|
||||
- for i in dict.keys():
|
||||
+ keys=dict.keys()
|
||||
+ keys.sort()
|
||||
+ for i in keys:
|
||||
rec = "%-30s %-8s " % i
|
||||
rec += "%s" % dict[i][0]
|
||||
for p in dict[i][1:]:
|
||||
rec += ", %s" % p
|
||||
print rec
|
||||
|
||||
def list(self, heading=1):
|
||||
+class interfaceRecords(semanageRecords):
|
||||
+ def __init__(self):
|
||||
+ semanageRecords.__init__(self)
|
||||
+
|
||||
+ def add(self, interface, serange, type):
|
||||
+ if serange == "":
|
||||
+ serange="s0"
|
||||
+
|
||||
+ if type == "":
|
||||
+ raise ValueError("Type is required")
|
||||
+
|
||||
+ (rc,k) = semanage_iface_key_create(self.sh, interface)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Can't create key for %s" % interface)
|
||||
+ (rc,exists) = semanage_iface_exists(self.sh, k)
|
||||
+ if exists:
|
||||
+ raise ValueError("Interface %s already defined" % interface)
|
||||
+
|
||||
+ (rc,iface) = semanage_iface_create(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not create interface for %s" % (interface))
|
||||
+
|
||||
+ rc = semanage_iface_set_name(self.sh, iface, interface)
|
||||
+ (rc, con) = semanage_context_create(self.sh)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not create context for %s" % interface)
|
||||
+
|
||||
+ semanage_context_set_user(self.sh, con, "system_u")
|
||||
+ semanage_context_set_role(self.sh, con, "object_r")
|
||||
+ semanage_context_set_type(self.sh, con, type)
|
||||
+ semanage_context_set_mls(self.sh, con, serange)
|
||||
+ semanage_begin_transaction(self.sh)
|
||||
+ semanage_iface_set_ifcon(iface, con)
|
||||
+ semanage_iface_set_msgcon(iface, con)
|
||||
+ semanage_iface_add_local(self.sh, k, iface)
|
||||
+ if semanage_commit(self.sh) < 0:
|
||||
+ raise ValueError("Failed to add interface")
|
||||
+
|
||||
+ def modify(self, interface, serange, setype):
|
||||
+ if serange == "" and setype == "":
|
||||
+ raise ValueError("Requires, setype or serange")
|
||||
+
|
||||
+ (rc,k) = semanage_iface_key_create(self.sh, interface)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Can't creater key for %s" % interface)
|
||||
+ (rc,exists) = semanage_iface_exists(self.sh, k)
|
||||
+ if exists:
|
||||
+ (rc,p) = semanage_iface_query(self.sh, k)
|
||||
+ else:
|
||||
+ raise ValueError("interface %s is not defined." % interface)
|
||||
+
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not query interface for %s" % interface)
|
||||
+
|
||||
+ con = semanage_iface_get_ifcon(p)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Could not get interface context for %s" % interface)
|
||||
+
|
||||
+ if serange != "":
|
||||
+ semanage_context_set_mls(self.sh, con, serange)
|
||||
+ if setype != "":
|
||||
+ semanage_context_set_type(self.sh, con, setype)
|
||||
+
|
||||
+ semanage_begin_transaction(self.sh)
|
||||
+ semanage_iface_modify_local(self.sh, k, p)
|
||||
+ if semanage_commit(self.sh) < 0:
|
||||
+ raise ValueError("Failed to add interface")
|
||||
+
|
||||
+ def delete(self, interface):
|
||||
+ (rc,k) = semanage_iface_key_create(self.sh, interface)
|
||||
+ if rc < 0:
|
||||
+ raise ValueError("Can't create key for %s" % interface)
|
||||
+ (rc,exists) = semanage_iface_exists(self.sh, k)
|
||||
+ if not exists:
|
||||
+ raise ValueError("interface %s is not defined." % interface)
|
||||
+ else:
|
||||
+ (rc,exists) = semanage_iface_exists_local(self.sh, k)
|
||||
+ if not exists:
|
||||
+ raise ValueError("interface %s is not defined localy, can not be deleted." % interface)
|
||||
+
|
||||
+ semanage_begin_transaction(self.sh)
|
||||
+ semanage_iface_del_local(self.sh, k)
|
||||
+ if semanage_commit(self.sh) < 0:
|
||||
+ raise ValueError("Interface %s not defined" % interface)
|
||||
+
|
||||
+ def list(self, heading=1):
|
||||
+ (status, self.plist, self.psize) = semanage_iface_list(self.sh)
|
||||
+ if status < 0:
|
||||
+ raise ValueError("Unable to list interfaces")
|
||||
+
|
||||
+ if heading:
|
||||
+ print "%-30s %s\n" % ("SELinux Interface", "Context")
|
||||
+ dict={}
|
||||
+ for idx in range(self.psize):
|
||||
+ iface = semanage_iface_by_idx(self.plist, idx)
|
||||
+ name = semanage_iface_get_name(iface)
|
||||
+ con = semanage_iface_get_ifcon(iface)
|
||||
+
|
||||
+
|
||||
+ print "%-30s %s:%s:%s:%s " % (name,semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
|
||||
+
|
||||
if __name__ == '__main__':
|
||||
|
||||
def usage(message = ""):
|
||||
@@ -366,6 +449,7 @@
|
||||
semanage user [-admsRrh] SELINUX_USER\n\
|
||||
semanage login [-admsrh] LOGIN_NAME\n\
|
||||
semanage port [-admth] PORT | PORTRANGE\n\
|
||||
+semanage interface [-admth] INTERFACE\n\
|
||||
-a, --add Add a OBJECT record NAME\n\
|
||||
-d, --delete Delete a OBJECT record NAME\n\
|
||||
-h, --help display this message\n\
|
||||
@@ -391,7 +475,7 @@
|
||||
#
|
||||
#
|
||||
try:
|
||||
- objectlist = ("login", "user", "port")
|
||||
+ objectlist = ("login", "user", "port", "interface")
|
||||
input = sys.stdin
|
||||
output = sys.stdout
|
||||
serange = ""
|
||||
@@ -482,6 +566,9 @@
|
||||
if object == "port":
|
||||
OBJECT = portRecords()
|
||||
|
||||
+ if object == "interface":
|
||||
+ OBJECT = interfaceRecords()
|
||||
+
|
||||
if list:
|
||||
OBJECT.list(heading)
|
||||
sys.exit(0);
|
||||
@@ -504,6 +591,9 @@
|
||||
if object == "port":
|
||||
OBJECT.add(target, proto, serange, setype)
|
||||
|
||||
+ if object == "interface":
|
||||
+ OBJECT.add(target, serange, setype)
|
||||
+
|
||||
sys.exit(0);
|
||||
|
||||
if modify:
|
||||
@@ -516,7 +606,10 @@
|
||||
|
||||
if object == "port":
|
||||
OBJECT.modify(target, proto, serange, setype)
|
||||
- sys.exit(0);
|
||||
+
|
||||
+ if object == "interface":
|
||||
+ OBJECT.modify(target, serange, setype)
|
||||
+
|
||||
sys.exit(0);
|
||||
|
||||
if delete:
|
||||
|
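Review bot: In the added `interfaceRecords.modify`, the `if rc < 0:` that follows `con = semanage_iface_get_ifcon(p)` re-tests the `rc` left over from `semanage_iface_query`, which was already checked just above. A failed context lookup is therefore never detected and `con` goes straight into `semanage_context_set_mls` / `semanage_context_set_type`; the port `modify` hunk has the same dead check after `semanage_port_get_con(p)`. Test the value actually returned instead, e.g. `if con is None: raise ValueError("Could not get interface context for %s" % interface)` (assuming the binding returns None when no context is attached). In `interfaceRecords.add`, `rc = semanage_iface_set_name(self.sh, iface, interface)` is overwritten by the next assignment without being checked, and the results of the `semanage_context_set_*` calls and `semanage_iface_add_local` are ignored, so only the commit result guards the label that gets written. The rendered page no longer shows which side of the outer diff each line is on, but if `if len(roles) < 0:` in `seluserRecords.modify` is still carried by the patch, it can never be true and the requested roles are silently not added; it should read `if len(roles) != 0:`.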
@ -1,9 +1,9 @@
|
||||
%define libsepolver 1.11.2-2
|
||||
%define libsemanagever 1.5.4-3
|
||||
%define libsepolver 1.11.5-1
|
||||
%define libsemanagever 1.5.8-1
|
||||
%define libselinuxver 1.29.3-2
|
||||
Summary: SELinux policy core utilities.
|
||||
Name: policycoreutils
|
||||
Version: 1.29.3
|
||||
Version: 1.29.4
|
||||
Release: 1
|
||||
License: GPL
|
||||
Group: System Environment/Base
|
||||
@ -96,6 +96,11 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
||||
|
||||
%changelog
|
||||
* Thu Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.29.4-1
|
||||
- Update to match NSA
|
||||
* Merged genhomedircon and semanage patch from Dan Walsh.
|
||||
* Changed semodule error reporting to include argv[0].
|
||||
|
||||
* Wed Jan 4 2006 Dan Walsh <dwalsh@redhat.com> 1.29.3-1
|
||||
- Update to match NSA
|
||||
* Merged semanage getpwnam bug fix from Serge Hallyn (IBM).
|
||||
|