Fix semanage module error handling

Dan Walsh 2013-06-24 17:32:33 -04:00
parent 863699842d
commit e396b39f10
2 changed files with 62 additions and 37 deletions


@ -246698,7 +246698,7 @@ index 0000000..e2befdb
+ packages=["policycoreutils"], + packages=["policycoreutils"],
+) +)
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
index 6e33c85..1b5c89d 100644 index 6e33c85..423ee5a 100644
--- a/policycoreutils/semanage/semanage --- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage +++ b/policycoreutils/semanage/semanage
@@ -1,5 +1,7 @@ @@ -1,5 +1,7 @@
@ -246710,7 +246710,7 @@ index 6e33c85..1b5c89d 100644
# see file 'COPYING' for use and warranty information # see file 'COPYING' for use and warranty information
# #
# semanage is a tool for managing SELinux configuration files # semanage is a tool for managing SELinux configuration files
@@ -19,564 +21,771 @@ @@ -19,564 +21,770 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
# 02111-1307 USA # 02111-1307 USA
# #
@ -247170,16 +247170,15 @@ index 6e33c85..1b5c89d 100644
+def handleModule(args): +def handleModule(args):
+ OBJECT = seobject.moduleRecords(store) + OBJECT = seobject.moduleRecords(store)
+ OBJECT.set_reload(args.noreload) + OBJECT.set_reload(args.noreload)
+ + if args.action == "add":
+ if args.action is "add": + OBJECT.add(args.module_name)
+ OBJECT.add(args.module) + if args.action == "enable":
+ if args.action is "enable": + OBJECT.enable(args.module_name)
+ OBJECT.enable(args.module) + if args.action == "disable":
+ if args.action is "disable": + OBJECT.disable(args.module_name)
+ OBJECT.disable(args.module) + if args.action == "delete":
+ if args.action is "delete": + OBJECT.delete(args.module_name)
+ OBJECT.delete(args.module) + if args.action == "list":
+ if args.action is "list":
+ OBJECT.list(args.noheading) + OBJECT.list(args.noheading)
+ +
+def setupModuleParser(subparsers): +def setupModuleParser(subparsers):
@ -249151,7 +249150,7 @@ index 28a9022..90b142e 100644
+usage: semanage [-h] +usage: semanage [-h]
+ +
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 85bc37f..eddd414 100644 index 85bc37f..d7e6e7f 100644
--- a/policycoreutils/semanage/seobject.py --- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py +++ b/policycoreutils/semanage/seobject.py
@@ -32,11 +32,10 @@ from IPy import IP @@ -32,11 +32,10 @@ from IPy import IP
@ -249170,7 +249169,16 @@ index 85bc37f..eddd414 100644
import syslog import syslog
@@ -461,7 +460,9 @@ class loginRecords(semanageRecords): @@ -285,6 +284,8 @@ class moduleRecords(semanageRecords):
print "%-25s%-10s%s" % (t[0], t[1], disabled)
def add(self, file):
+ if not os.path.exists(file):
+ raise ValueError(_("Module does not exists %s ") % file)
rc = semanage_module_install_file(self.sh, file);
if rc >= 0:
self.commit()
@@ -461,7 +462,9 @@ class loginRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name) raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists: if exists:
@ -249181,7 +249189,7 @@ index 85bc37f..eddd414 100644
if name[0] == '%': if name[0] == '%':
try: try:
grp.getgrnam(name[1:]) grp.getgrnam(name[1:])
@@ -731,7 +732,8 @@ class seluserRecords(semanageRecords): @@ -731,7 +734,8 @@ class seluserRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name) raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if exists: if exists:
@ -249191,7 +249199,7 @@ index 85bc37f..eddd414 100644
(rc, u) = semanage_user_create(self.sh) (rc, u) = semanage_user_create(self.sh)
if rc < 0: if rc < 0:
@@ -1274,7 +1276,8 @@ class nodeRecords(semanageRecords): @@ -1274,7 +1278,8 @@ class nodeRecords(semanageRecords):
(rc, exists) = semanage_node_exists(self.sh, k) (rc, exists) = semanage_node_exists(self.sh, k)
if exists: if exists:
@ -249201,7 +249209,7 @@ index 85bc37f..eddd414 100644
(rc, node) = semanage_node_create(self.sh) (rc, node) = semanage_node_create(self.sh)
if rc < 0: if rc < 0:
@@ -1475,7 +1478,8 @@ class interfaceRecords(semanageRecords): @@ -1475,7 +1480,8 @@ class interfaceRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface) raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists: if exists:
@ -249211,7 +249219,7 @@ index 85bc37f..eddd414 100644
(rc, iface) = semanage_iface_create(self.sh) (rc, iface) = semanage_iface_create(self.sh)
if rc < 0: if rc < 0:
@@ -1777,7 +1781,8 @@ class fcontextRecords(semanageRecords): @@ -1777,7 +1783,8 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not check if file context for %s is defined") % target) raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists: if exists:
@ -249221,7 +249229,7 @@ index 85bc37f..eddd414 100644
(rc, fcontext) = semanage_fcontext_create(self.sh) (rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0: if rc < 0:
@@ -1970,7 +1975,7 @@ class fcontextRecords(semanageRecords): @@ -1970,7 +1977,7 @@ class fcontextRecords(semanageRecords):
if len(self.equiv): if len(self.equiv):
for target in self.equiv.keys(): for target in self.equiv.keys():
@ -249230,7 +249238,7 @@ index 85bc37f..eddd414 100644
return l return l
def list(self, heading = 1, locallist = 0 ): def list(self, heading = 1, locallist = 0 ):
@@ -2156,7 +2161,7 @@ class booleanRecords(semanageRecords): @@ -2156,7 +2163,7 @@ class booleanRecords(semanageRecords):
keys.sort() keys.sort()
for k in keys: for k in keys:
if ddict[k]: if ddict[k]:
@ -250323,7 +250331,7 @@ index b25d3b2..f38c17c 100755
except KeyboardInterrupt: except KeyboardInterrupt:
sys.exit(0) sys.exit(0)
diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py diff --git a/policycoreutils/sepolicy/sepolicy/__init__.py b/policycoreutils/sepolicy/sepolicy/__init__.py
index 5e7415c..08c371a 100644 index 5e7415c..1454071 100644
--- a/policycoreutils/sepolicy/sepolicy/__init__.py --- a/policycoreutils/sepolicy/sepolicy/__init__.py
+++ b/policycoreutils/sepolicy/sepolicy/__init__.py +++ b/policycoreutils/sepolicy/sepolicy/__init__.py
@@ -7,6 +7,9 @@ import _policy @@ -7,6 +7,9 @@ import _policy
@ -250336,7 +250344,7 @@ index 5e7415c..08c371a 100644
gettext.bindtextdomain(PROGNAME, "/usr/share/locale") gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME) gettext.textdomain(PROGNAME)
try: try:
@@ -37,9 +40,162 @@ CLASS = 'class' @@ -37,9 +40,176 @@ CLASS = 'class'
TRANSITION = 'transition' TRANSITION = 'transition'
ROLE_ALLOW = 'role_allow' ROLE_ALLOW = 'role_allow'
@ -250410,10 +250418,22 @@ index 5e7415c..08c371a 100644
+ return mpaths + return mpaths
+ +
+import os, pprint, re, sys +import os, pprint, re, sys
+def find_file(reg, path): +def find_file(reg):
+ if os.path.exists(reg):
+ return [ reg ]
+ pat = re.compile(r"%s$" % reg)
+ p = reg
+ if p.endswith("(/.*)?"):
+ p = p[:-6] + "/"
+
+ path = os.path.dirname(p)
+
+ if path[-1] != "/":
+ path += "/"
+
+ try: + try:
+ pat = re.compile(r"%s$" % reg) + pat = re.compile(r"%s$" % reg)
+ return filter(pat.match, map(lambda x: path + "/" + x, os.listdir(path))) + return filter(pat.match, map(lambda x: path + x, os.listdir(path)))
+ except: + except:
+ return [] + return []
+ +
@ -250441,9 +250461,8 @@ index 5e7415c..08c371a 100644
+ t = rec[-1].split(":")[2] + t = rec[-1].split(":")[2]
+ if t in fcdict: + if t in fcdict:
+ fcdict[t]["regex"].append(rec[0]) + fcdict[t]["regex"].append(rec[0])
+ fcdict[t]["paths"].append(find_file(rec[0], os.path.dirname(rec[0])))
+ else: + else:
+ fcdict[t] = { "regex": [ rec[0] ], "paths" : find_file(rec[0], os.path.dirname(rec[0])), "ftype": ftype} + fcdict[t] = { "regex": [ rec[0] ], "ftype": ftype}
+ except: + except:
+ pass + pass
+ fcdict["logfile"] = { "regex" : [ "all log files" ]} + fcdict["logfile"] = { "regex" : [ "all log files" ]}
@ -250465,13 +250484,15 @@ index 5e7415c..08c371a 100644
+ return None + return None
+ +
+def get_transitions(setype): +def get_transitions(setype):
try: + try:
- path = selinux.selinux_binary_policy_path()
+ return search([TRANSITION],{'source':setype, 'class':'process'}) + return search([TRANSITION],{'source':setype, 'class':'process'})
+ except TypeError: + except TypeError:
+ pass + pass
+ return None + return None
+ +
+def get_all_entrypoints():
+ return get_types_from_attribute("entry_type")
+
+def get_entrypoint_types(setype): +def get_entrypoint_types(setype):
+ entrypoints = None + entrypoints = None
+ entrypoints = map(lambda x: x['target'], search([ALLOW],{'source':setype, 'permlist':['entrypoint'], 'class':'file'})) + entrypoints = map(lambda x: x['target'], search([ALLOW],{'source':setype, 'permlist':['entrypoint'], 'class':'file'}))
@ -250485,7 +250506,7 @@ index 5e7415c..08c371a 100644
+ pass + pass
+ return None + return None
+ +
+def get_all_entrypoints(setype): +def get_entrypoints(setype):
+ fcdict = get_fcdict() + fcdict = get_fcdict()
+ mpaths = {} + mpaths = {}
+ for f in get_entrypoint_types(setype): + for f in get_entrypoint_types(setype):
@ -250496,12 +250517,13 @@ index 5e7415c..08c371a 100644
+ return mpaths + return mpaths
+ +
+def get_installed_policy(root = "/"): +def get_installed_policy(root = "/"):
+ try: try:
- path = selinux.selinux_binary_policy_path()
+ path = root + selinux.selinux_binary_policy_path() + path = root + selinux.selinux_binary_policy_path()
policies = glob.glob ("%s.*" % path ) policies = glob.glob ("%s.*" % path )
policies.sort() policies.sort()
return policies[-1] return policies[-1]
@@ -47,6 +203,27 @@ def __get_installed_policy(): @@ -47,6 +217,27 @@ def __get_installed_policy():
pass pass
raise ValueError(_("No SELinux Policy installed")) raise ValueError(_("No SELinux Policy installed"))
@ -250529,7 +250551,7 @@ index 5e7415c..08c371a 100644
all_types = None all_types = None
def get_all_types(): def get_all_types():
global all_types global all_types
@@ -54,6 +231,13 @@ def get_all_types(): @@ -54,6 +245,13 @@ def get_all_types():
all_types = map(lambda x: x['name'], info(TYPE)) all_types = map(lambda x: x['name'], info(TYPE))
return all_types return all_types
@ -250543,7 +250565,7 @@ index 5e7415c..08c371a 100644
role_allows = None role_allows = None
def get_all_role_allows(): def get_all_role_allows():
global role_allows global role_allows
@@ -71,6 +255,7 @@ def get_all_role_allows(): @@ -71,6 +269,7 @@ def get_all_role_allows():
return role_allows return role_allows
def get_all_entrypoint_domains(): def get_all_entrypoint_domains():
@ -250551,7 +250573,7 @@ index 5e7415c..08c371a 100644
all_domains = [] all_domains = []
types=get_all_types() types=get_all_types()
types.sort() types.sort()
@@ -81,11 +266,54 @@ def get_all_entrypoint_domains(): @@ -81,11 +280,54 @@ def get_all_entrypoint_domains():
all_domains.append(m[0]) all_domains.append(m[0])
return all_domains return all_domains
@ -250607,7 +250629,7 @@ index 5e7415c..08c371a 100644
return all_domains return all_domains
roles = None roles = None
@@ -139,50 +367,95 @@ def get_all_attributes(): @@ -139,50 +381,95 @@ def get_all_attributes():
return all_attributes return all_attributes
def policy(policy_file): def policy(policy_file):
@ -250728,7 +250750,7 @@ index 5e7415c..08c371a 100644
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"): def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
global booleans_dict global booleans_dict
if booleans_dict: if booleans_dict:
@@ -191,7 +464,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"): @@ -191,7 +478,7 @@ def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
import re import re
booleans_dict = {} booleans_dict = {}
try: try:
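Review bot: In the new `find_file(reg)` for sepolicy/__init__.py, the first `pat = re.compile(r"%s$" % reg)` and the `path[-1]` test sit before the `try:`, so a file-context expression that Python's `re` rejects, or one whose `os.path.dirname()` comes back empty, raises out of the function instead of returning `[]`. As rendered, the pattern is compiled again inside the `try`, so the earlier compile can be dropped, and the slash test is safer as `if not path.endswith("/"):`. The remaining bare `except:` would be better narrowed to `except (OSError, re.error):`, so that unrelated failures are not silently reported as "no matching files" by a tool that administrators use to reason about policy.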


@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.14 Version: 2.1.14
Release: 59%{?dist} Release: 60%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -309,6 +309,9 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service %systemd_postun_with_restart restorecond.service
%changelog %changelog
* Mon Jun 24 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-60
- Fix semanage module error handling
* Sun Jun 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-59 * Sun Jun 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-59
- Add back default exception handling for errors, which argparse rewrite removed. - Add back default exception handling for errors, which argparse rewrite removed.