971815adbf
- Fix audit2allow to generate all rules
1087 lines
35 KiB
Diff
1087 lines
35 KiB
Diff
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.29.26/audit2allow/audit2allow
|
|
--- nsapolicycoreutils/audit2allow/audit2allow 2005-12-08 12:52:44.000000000 -0500
|
|
+++ policycoreutils-1.29.26/audit2allow/audit2allow 2006-03-06 09:44:31.000000000 -0500
|
|
@@ -25,6 +25,118 @@
|
|
#
|
|
#
|
|
import commands, sys, os, pwd, string, getopt, re, selinux
|
|
+
|
|
+obj="(\{[^\}]*\}|[^ \t:]*)"
|
|
+allow_regexp="allow[ \t]+%s[ \t]*%s[ \t]*:[ \t]*%s[ \t]*%s" % (obj, obj, obj, obj)
|
|
+
|
|
+awk_script='/^[[:blank:]]*interface[[:blank:]]*\(/ {\n\
|
|
+ IFACEFILE=FILENAME\n\
|
|
+ IFACENAME = gensub("^[[:blank:]]*interface[[:blank:]]*\\\\(\`?","","g",$0);\n\
|
|
+ IFACENAME = gensub("\'?,.*$","","g",IFACENAME);\n\
|
|
+}\n\
|
|
+\n\
|
|
+/^[[:blank:]]*allow[[:blank:]]+.*;[[:blank:]]*$/ {\n\
|
|
+\n\
|
|
+ if ((length(IFACENAME) > 0) && (IFACEFILE == FILENAME)){\n\
|
|
+ ALLOW = gensub("^[[:blank:]]*","","g",$0)\n\
|
|
+ ALLOW = gensub(";[[:blank:]]*$","","g",$0)\n\
|
|
+ print FILENAME "\\t" IFACENAME "\\t" ALLOW;\n\
|
|
+ }\n\
|
|
+}\
|
|
+'
|
|
+
|
|
+class accessTrans:
|
|
+ def __init__(self):
|
|
+ self.dict={}
|
|
+ try:
|
|
+ fd=open("/usr/share/selinux/devel/include/support/obj_perm_sets.spt")
|
|
+ except IOError, error:
|
|
+ raise IOError("Reference policy generation requires the policy development package.\n%s" % error)
|
|
+ records=fd.read().split("\n")
|
|
+ regexp="^define *\(`([^']*)' *, *` *\{([^}]*)}'"
|
|
+ for r in records:
|
|
+ m=re.match(regexp,r)
|
|
+ if m!=None:
|
|
+ self.dict[m.groups()[0]] = m.groups()[1].split()
|
|
+ fd.close()
|
|
+ def get(self, var):
|
|
+ l=[]
|
|
+ for v in var:
|
|
+ if v in self.dict.keys():
|
|
+ l += self.dict[v]
|
|
+ else:
|
|
+ if v not in ("{", "}"):
|
|
+ l.append(v)
|
|
+ return l
|
|
+
|
|
+class interfaces:
|
|
+ def __init__(self):
|
|
+ self.dict={}
|
|
+ trans=accessTrans()
|
|
+ (input, output) = os.popen2("awk -f - /usr/share/selinux/devel/include/*/*.if 2> /dev/null")
|
|
+ input.write(awk_script)
|
|
+ input.close()
|
|
+ records=output.read().split("\n")
|
|
+ input.close()
|
|
+ if len(records) > 0:
|
|
+ regexp="([^ \t]*)[ \t]+([^ \t]*)[ \t]+%s" % allow_regexp
|
|
+ for r in records:
|
|
+ m=re.match(regexp,r)
|
|
+ if m==None:
|
|
+ continue
|
|
+ else:
|
|
+ val=m.groups()
|
|
+ file=os.path.basename(val[0]).split(".")[0]
|
|
+ iface=val[1]
|
|
+ Scon=val[2].split()
|
|
+ Tcon=val[3].split()
|
|
+ Class=val[4].split()
|
|
+ Access=trans.get(val[5].split())
|
|
+ for s in Scon:
|
|
+ for t in Tcon:
|
|
+ for c in Class:
|
|
+ if (s, t, c) not in self.dict.keys():
|
|
+ self.dict[(s, t, c)]=[]
|
|
+ self.dict[(s, t, c)].append((Access, file, iface))
|
|
+ def out(self):
|
|
+ keys=self.dict.keys()
|
|
+ keys.sort()
|
|
+ for k in keys:
|
|
+ print k
|
|
+ for i in self.dict[k]:
|
|
+ print "\t", i
|
|
+
|
|
+ def match(self, Scon, Tcon, Class, Access):
|
|
+ keys=self.dict.keys()
|
|
+ ret=[]
|
|
+ if (Scon, Tcon, Class) in keys:
|
|
+ for i in self.dict[(Scon, Tcon, Class)]:
|
|
+ if Access in i[0]:
|
|
+ if i[2].find(Access) >= 0:
|
|
+ ret.insert(0, i)
|
|
+ else:
|
|
+ ret.append(i)
|
|
+ return ret
|
|
+ if ("$1", Tcon, Class) in keys:
|
|
+ for i in self.dict[("$1", Tcon, Class)]:
|
|
+ if Access in i[0]:
|
|
+ if i[2].find(Access) >= 0:
|
|
+ ret.insert(0, i)
|
|
+ else:
|
|
+ ret.append(i)
|
|
+ return ret
|
|
+ if (Scon, "$1", Class) in keys:
|
|
+ for i in self.dict[(Scon, "$1", Class)]:
|
|
+ if Access in i[0]:
|
|
+ if i[2].find(Access) >= 0:
|
|
+ ret.insert(0, i)
|
|
+ else:
|
|
+ ret.append(i)
|
|
+ return ret
|
|
+ else:
|
|
+ return ret
|
|
+
|
|
+
|
|
class serule:
|
|
def __init__(self, type, source, target, seclass):
|
|
self.type=type
|
|
@@ -32,6 +144,8 @@
|
|
self.target=target
|
|
self.seclass=seclass
|
|
self.avcinfo={}
|
|
+ self.iface=None
|
|
+
|
|
def add(self, avc):
|
|
for a in avc[0]:
|
|
if a not in self.avcinfo.keys():
|
|
@@ -67,6 +181,33 @@
|
|
ret=ret + " : " + i
|
|
return ret
|
|
|
|
+ def gen_reference_policy(self, iface):
|
|
+ ret=""
|
|
+ Scon=self.source
|
|
+ Tcon=self.gettarget()
|
|
+ Class=self.seclass
|
|
+ Access=self.getAccess()
|
|
+ m=iface.match(Scon,Tcon,Class,Access)
|
|
+ if len(m)==0:
|
|
+ return self.out()
|
|
+ else:
|
|
+ file=m[0][1]
|
|
+ ret="\n#%s\n"% self.out()
|
|
+ ret += "optional_policy(`%s', `\n" % m[0][1]
|
|
+ first=True
|
|
+ for i in m:
|
|
+ if file != i[1]:
|
|
+ ret += "')\ngen_require(`%s', `\n" % i[1]
|
|
+ file = i[1]
|
|
+ first=True
|
|
+ if first:
|
|
+ ret += "\t%s(%s)\n" % (i[2], Scon)
|
|
+ first=False
|
|
+ else:
|
|
+ ret += "#\t%s(%s)\n" % (i[2], Scon)
|
|
+ ret += "');"
|
|
+ return ret
|
|
+
|
|
def gettarget(self):
|
|
if self.source == self.target:
|
|
return "self"
|
|
@@ -81,7 +222,12 @@
|
|
self.types=[]
|
|
self.roles=[]
|
|
self.load(input, te_ind)
|
|
-
|
|
+ self.gen_ref_policy = False
|
|
+
|
|
+ def gen_reference_policy(self):
|
|
+ self.gen_ref_policy = True
|
|
+ self.iface=interfaces()
|
|
+
|
|
def warning(self, error):
|
|
sys.stderr.write("%s: " % sys.argv[0])
|
|
sys.stderr.write("%s\n" % error)
|
|
@@ -104,7 +250,8 @@
|
|
while line:
|
|
rec=line.split()
|
|
for i in rec:
|
|
- if i=="avc:" or i=="message=avc:":
|
|
+ if i=="avc:" or i=="message=avc:" or i=="msg='avc:":
|
|
+
|
|
found=1
|
|
else:
|
|
avc.append(i)
|
|
@@ -166,7 +313,7 @@
|
|
self.add_seclass(seclass, access)
|
|
self.add_type(tcon)
|
|
self.add_type(scon)
|
|
- if (type, scon, tcon, seclass) not in self.seRules.keys():
|
|
+ if (rule_type, scon, tcon, seclass) not in self.seRules.keys():
|
|
self.seRules[(rule_type, scon, tcon, seclass)]=serule(rule_type, scon, tcon, seclass)
|
|
|
|
self.seRules[(rule_type, scon, tcon, seclass)].add((access, msg, comm, name ))
|
|
@@ -182,9 +329,10 @@
|
|
if "security_compute_sid" in avc:
|
|
return
|
|
|
|
+ if "load_policy" in avc and self.last_reload:
|
|
+ self.seRules={}
|
|
+
|
|
if "granted" in avc:
|
|
- if "load_policy" in avc and self.last_reload:
|
|
- self.seRules={}
|
|
return
|
|
try:
|
|
for i in range (0, len(avc)):
|
|
@@ -292,7 +440,10 @@
|
|
keys=self.seRules.keys()
|
|
keys.sort()
|
|
for i in keys:
|
|
- rec += self.seRules[i].out(verbose)+"\n"
|
|
+ if self.gen_ref_policy:
|
|
+ rec += self.seRules[i].gen_reference_policy(self.iface)+"\n"
|
|
+ else:
|
|
+ rec += self.seRules[i].out(verbose)+"\n"
|
|
return rec
|
|
|
|
if __name__ == '__main__':
|
|
@@ -342,11 +493,12 @@
|
|
buildPP=0
|
|
input_ind=0
|
|
output_ind=0
|
|
+ ref_ind=False
|
|
te_ind=0
|
|
|
|
fc_file=""
|
|
gopts, cmds = getopt.getopt(sys.argv[1:],
|
|
- 'adf:hi:lm:M:o:rtv',
|
|
+ 'adf:hi:lm:M:o:rtvR',
|
|
['all',
|
|
'dmesg',
|
|
'fcfile=',
|
|
@@ -356,6 +508,7 @@
|
|
'module=',
|
|
'output=',
|
|
'requires',
|
|
+ 'reference',
|
|
'tefile',
|
|
'verbose'
|
|
])
|
|
@@ -397,6 +550,9 @@
|
|
if auditlogs:
|
|
usage()
|
|
te_ind=1
|
|
+ if o == "-R" or o == "--reference":
|
|
+ ref_ind=True
|
|
+
|
|
if o == "-o" or o == "--output":
|
|
if module != "" or a[0]=="-":
|
|
usage()
|
|
@@ -413,6 +569,10 @@
|
|
|
|
out=seruleRecords(input, last_reload, verbose, te_ind)
|
|
|
|
+
|
|
+ if ref_ind:
|
|
+ out.gen_reference_policy()
|
|
+
|
|
if auditlogs:
|
|
input=os.popen("ausearch -m avc")
|
|
out.load(input)
|
|
@@ -423,15 +583,15 @@
|
|
output.flush()
|
|
if buildPP:
|
|
cmd="checkmodule %s -m -o %s.mod %s.te" % (get_mls_flag(), module, module)
|
|
- print "Compiling policy: %s" % cmd
|
|
+ print "Compiling policy"
|
|
+ print cmd
|
|
rc=commands.getstatusoutput(cmd)
|
|
if rc[0]==0:
|
|
cmd="semodule_package -o %s.pp -m %s.mod" % (module, module)
|
|
- print cmd
|
|
if fc_file != "":
|
|
cmd = "%s -f %s" % (cmd, fc_file)
|
|
|
|
- print "Building package: %s" % cmd
|
|
+ print cmd
|
|
rc=commands.getstatusoutput(cmd)
|
|
if rc[0]==0:
|
|
print ("\n******************** IMPORTANT ***********************\n")
|
|
@@ -446,6 +606,6 @@
|
|
except ValueError, error:
|
|
errorExit(error.args[0])
|
|
except IOError, error:
|
|
- errorExit(error.args[1])
|
|
+ errorExit(error)
|
|
except KeyboardInterrupt, error:
|
|
sys.exit(0)
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-1.29.26/audit2allow/audit2allow.1
|
|
--- nsapolicycoreutils/audit2allow/audit2allow.1 2005-12-01 10:11:27.000000000 -0500
|
|
+++ policycoreutils-1.29.26/audit2allow/audit2allow.1 2006-02-23 16:32:45.000000000 -0500
|
|
@@ -65,6 +65,9 @@
|
|
.B "\-r" | "\-\-requires"
|
|
Generate require output syntax for loadable modules.
|
|
.TP
|
|
+.B "\-R" | "\-\-reference"
|
|
+Generate reference policy using installed macros
|
|
+.TP
|
|
.B "\-t " | "\-\-tefile"
|
|
Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
|
|
.TP
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.29.26/scripts/chcat
|
|
--- nsapolicycoreutils/scripts/chcat 2006-01-27 01:16:33.000000000 -0500
|
|
+++ policycoreutils-1.29.26/scripts/chcat 2006-03-03 18:21:05.000000000 -0500
|
|
@@ -320,7 +320,7 @@
|
|
if len(cats) > 1 and cats[1] != "s0":
|
|
print "%s: %s" % (u, cats[1])
|
|
else:
|
|
- print "%s:" % u
|
|
+ print "%s: %s" % (u, cats[0])
|
|
|
|
def error(msg):
|
|
print "%s: %s" % (sys.argv[0], msg)
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.29.26/scripts/fixfiles
|
|
--- nsapolicycoreutils/scripts/fixfiles 2006-01-04 13:07:46.000000000 -0500
|
|
+++ policycoreutils-1.29.26/scripts/fixfiles 2006-02-23 17:12:53.000000000 -0500
|
|
@@ -124,7 +124,10 @@
|
|
exit $?
|
|
fi
|
|
if [ ! -z "$DIRS" ]; then
|
|
- ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $1 -v $DIRS 2>&1 >> $LOGFILE
|
|
+ for d in ${DIRS} ; do find $d \
|
|
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune -o -print; \
|
|
+ ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $1 -v -f - 2>&1 >> $LOGFILE
|
|
+ done
|
|
exit $?
|
|
fi
|
|
LogReadOnly
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.26/semanage/semanage
|
|
--- nsapolicycoreutils/semanage/semanage 2006-02-16 13:35:28.000000000 -0500
|
|
+++ policycoreutils-1.29.26/semanage/semanage 2006-02-23 16:32:45.000000000 -0500
|
|
@@ -22,6 +22,9 @@
|
|
#
|
|
import os, sys, getopt
|
|
import seobject
|
|
+import selinux
|
|
+
|
|
+is_mls_enabled=selinux.is_selinux_mls_enabled()
|
|
|
|
if __name__ == '__main__':
|
|
|
|
@@ -57,13 +60,13 @@
|
|
-p (named pipe) \n\n\
|
|
\
|
|
-p, --proto Port protocol (tcp or udp)\n\
|
|
- -L, --level Default SELinux Level\n\
|
|
+ -L, --level Default SELinux Level (MLS/MCS Systems only)\n\
|
|
-R, --roles SELinux Roles (ex: "sysadm_r staff_r")\n\
|
|
-T, --trans SELinux Level Translation\n\n\
|
|
\
|
|
-s, --seuser SELinux User Name\n\
|
|
-t, --type SELinux Type for the object\n\
|
|
- -r, --range MLS/MCS Security Range\n\
|
|
+ -r, --range MLS/MCS Security Range (MLS/MCS Systems only\n\
|
|
'
|
|
print message
|
|
sys.exit(1)
|
|
@@ -167,12 +170,16 @@
|
|
modify = 1
|
|
|
|
if o == "-r" or o == '--range':
|
|
+ if is_mls_enabled == 0:
|
|
+ errorExit("range not supported on Non MLS machines")
|
|
serange = a
|
|
|
|
if o == "-l" or o == "--list":
|
|
list = 1
|
|
|
|
if o == "-L" or o == '--level':
|
|
+ if is_mls_enabled == 0:
|
|
+ errorExit("range not supported on Non MLS machines")
|
|
selevel = a
|
|
|
|
if o == "-p" or o == '--proto':
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-1.29.26/semanage/semanage.8
|
|
--- nsapolicycoreutils/semanage/semanage.8 2006-01-27 01:16:33.000000000 -0500
|
|
+++ policycoreutils-1.29.26/semanage/semanage.8 2006-02-23 16:32:45.000000000 -0500
|
|
@@ -46,7 +46,7 @@
|
|
List the OBJECTS
|
|
.TP
|
|
.I \-L, \-\-level
|
|
-Default SELinux Level for SELinux use. (s0)
|
|
+Default SELinux Level for SELinux use, s0 Default. (MLS/MCS Systems only)
|
|
.TP
|
|
.I \-m, \-\-modify
|
|
Modify a OBJECT record NAME
|
|
@@ -58,7 +58,7 @@
|
|
Protocol for the specified port (tcp|udp).
|
|
.TP
|
|
.I \-r, \-\-range
|
|
-MLS/MCS Security Range
|
|
+MLS/MCS Security Range (MLS/MCS Systems only)
|
|
.TP
|
|
.I \-R, \-\-role
|
|
SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify \-R multiple times.
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.26/semanage/seobject.py
|
|
--- nsapolicycoreutils/semanage/seobject.py 2006-02-16 13:35:28.000000000 -0500
|
|
+++ policycoreutils-1.29.26/semanage/seobject.py 2006-03-03 18:20:37.000000000 -0500
|
|
@@ -21,9 +21,43 @@
|
|
#
|
|
#
|
|
|
|
-import pwd, string, selinux, tempfile, os, re
|
|
+import pwd, string, selinux, tempfile, os, re, sys
|
|
from semanage import *;
|
|
|
|
+is_mls_enabled=selinux.is_selinux_mls_enabled()
|
|
+import syslog
|
|
+try:
|
|
+ import audit
|
|
+ class logger:
|
|
+ def __init__(self):
|
|
+ self.audit_fd=audit.audit_open()
|
|
+
|
|
+ def log(self, success, msg, name="", sename="", serole="", serange="", old_sename="", old_serole="", old_serange=""):
|
|
+ audit.audit_log_semanage_message(self.audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],msg, name, 0, sename, serole, serange, old_sename, old_serole, old_serange, "", "", "", success);
|
|
+except:
|
|
+ class logger:
|
|
+ def log(self, success, msg, name="", sename="", serole="", serange="", old_sename="", old_serole="", old_serange=""):
|
|
+ if success == 1:
|
|
+ message = "Successful: "
|
|
+ else:
|
|
+ message = "Failed: "
|
|
+ message += " %s name=%s" % (msg,name)
|
|
+ if sename != "":
|
|
+ message += " sename=" + sename
|
|
+ if old_sename != "":
|
|
+ message += " old_sename=" + old_sename
|
|
+ if serole != "":
|
|
+ message += " role=" + serole
|
|
+ if old_serole != "":
|
|
+ message += " old_role=" + old_serole
|
|
+ if serange != "":
|
|
+ message += " MLSRange=" + serange
|
|
+ if old_serange != "":
|
|
+ message += " old_MLSRange=" + old_serange
|
|
+ syslog.syslog(message);
|
|
+
|
|
+mylog=logger()
|
|
+
|
|
def validate_level(raw):
|
|
sensitivity="s([0-9]|1[0-5])"
|
|
category="c(1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])"
|
|
@@ -143,6 +177,7 @@
|
|
def __init__(self):
|
|
self.sh = semanage_handle_create()
|
|
self.semanaged = semanage_is_managed(self.sh)
|
|
+
|
|
if not self.semanaged:
|
|
semanage_handle_destroy(self.sh)
|
|
raise ValueError("SELinux policy is not managed or store cannot be accessed.")
|
|
@@ -162,127 +197,154 @@
|
|
semanageRecords.__init__(self)
|
|
|
|
def add(self, name, sename, serange):
|
|
- if serange == "":
|
|
- serange = "s0"
|
|
- else:
|
|
- serange = untranslate(serange)
|
|
+ if is_mls_enabled == 1:
|
|
+ if serange == "":
|
|
+ serange = "s0"
|
|
+ else:
|
|
+ serange = untranslate(serange)
|
|
|
|
if sename == "":
|
|
sename = "user_u"
|
|
|
|
- (rc,k) = semanage_seuser_key_create(self.sh, name)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not create a key for %s" % name)
|
|
-
|
|
- (rc,exists) = semanage_seuser_exists(self.sh, k)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not check if login mapping for %s is defined" % name)
|
|
- if exists:
|
|
- raise ValueError("Login mapping for %s is already defined" % name)
|
|
try:
|
|
- pwd.getpwnam(name)
|
|
- except:
|
|
- raise ValueError("Linux User %s does not exist" % name)
|
|
-
|
|
- (rc,u) = semanage_seuser_create(self.sh)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not create login mapping for %s" % name)
|
|
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not create a key for %s" % name)
|
|
|
|
- rc = semanage_seuser_set_name(self.sh, u, name)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not set name for %s" % name)
|
|
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not check if login mapping for %s is defined" % name)
|
|
+ if exists:
|
|
+ raise ValueError("Login mapping for %s is already defined" % name)
|
|
+ try:
|
|
+ pwd.getpwnam(name)
|
|
+ except:
|
|
+ raise ValueError("Linux User %s does not exist" % name)
|
|
|
|
- rc = semanage_seuser_set_mlsrange(self.sh, u, serange)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not set MLS range for %s" % name)
|
|
+ (rc,u) = semanage_seuser_create(self.sh)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not create login mapping for %s" % name)
|
|
|
|
- rc = semanage_seuser_set_sename(self.sh, u, sename)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not set SELinux user for %s" % name)
|
|
+ rc = semanage_seuser_set_name(self.sh, u, name)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not set name for %s" % name)
|
|
|
|
- rc = semanage_begin_transaction(self.sh)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not start semanage transaction")
|
|
+ rc = semanage_seuser_set_mlsrange(self.sh, u, serange)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not set MLS range for %s" % name)
|
|
|
|
- rc = semanage_seuser_modify_local(self.sh, k, u)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not add login mapping for %s" % name)
|
|
+ rc = semanage_seuser_set_sename(self.sh, u, sename)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not set SELinux user for %s" % name)
|
|
|
|
- rc = semanage_commit(self.sh)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not add login mapping for %s" % name)
|
|
+ rc = semanage_begin_transaction(self.sh)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not start semanage transaction")
|
|
|
|
+ rc = semanage_seuser_modify_local(self.sh, k, u)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not add login mapping for %s" % name)
|
|
+
|
|
+ rc = semanage_commit(self.sh)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not add login mapping for %s" % name)
|
|
+
|
|
+ except ValueError, error:
|
|
+ mylog.log(0, "add SELinux user mapping", name, sename, "", serange);
|
|
+ raise error
|
|
+
|
|
+ mylog.log(1, "add SELinux user mapping", name, sename, "", serange);
|
|
semanage_seuser_key_free(k)
|
|
semanage_seuser_free(u)
|
|
|
|
def modify(self, name, sename = "", serange = ""):
|
|
- if sename == "" and serange == "":
|
|
- raise ValueError("Requires seuser or serange")
|
|
+ oldsename=""
|
|
+ oldserange=""
|
|
+ try:
|
|
+ if sename == "" and serange == "":
|
|
+ raise ValueError("Requires seuser or serange")
|
|
|
|
- (rc,k) = semanage_seuser_key_create(self.sh, name)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not create a key for %s" % name)
|
|
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not create a key for %s" % name)
|
|
|
|
- (rc,exists) = semanage_seuser_exists(self.sh, k)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not check if login mapping for %s is defined" % name)
|
|
- if not exists:
|
|
- raise ValueError("Login mapping for %s is not defined" % name)
|
|
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not check if login mapping for %s is defined" % name)
|
|
+ if not exists:
|
|
+ raise ValueError("Login mapping for %s is not defined" % name)
|
|
|
|
- (rc,u) = semanage_seuser_query(self.sh, k)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not query seuser for %s" % name)
|
|
+ (rc,u) = semanage_seuser_query(self.sh, k)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not query seuser for %s" % name)
|
|
|
|
- if serange != "":
|
|
- semanage_seuser_set_mlsrange(self.sh, u, untranslate(serange))
|
|
- if sename != "":
|
|
- semanage_seuser_set_sename(self.sh, u, sename)
|
|
+ oldserange=semanage_seuser_get_mlsrange(u)
|
|
+ oldsename=semanage_seuser_get_sename(u)
|
|
+ if serange != "":
|
|
+ semanage_seuser_set_mlsrange(self.sh, u, untranslate(serange))
|
|
+ else:
|
|
+ serange=oldserange
|
|
+ if sename != "":
|
|
+ semanage_seuser_set_sename(self.sh, u, sename)
|
|
+ else:
|
|
+ sename=oldsename
|
|
|
|
- rc = semanage_begin_transaction(self.sh)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not srart semanage transaction")
|
|
+ rc = semanage_begin_transaction(self.sh)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not srart semanage transaction")
|
|
|
|
- rc = semanage_seuser_modify_local(self.sh, k, u)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not modify login mapping for %s" % name)
|
|
-
|
|
- rc = semanage_commit(self.sh)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not modify login mapping for %s" % name)
|
|
+ rc = semanage_seuser_modify_local(self.sh, k, u)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not modify login mapping for %s" % name)
|
|
+
|
|
+ rc = semanage_commit(self.sh)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not modify login mapping for %s" % name)
|
|
|
|
+ except ValueError, error:
|
|
+ mylog.log(0,"modify selinux user mapping", name, sename,"", serange, oldsename, "", oldserange);
|
|
+ raise error
|
|
+
|
|
+ mylog.log(1,"modify selinux user mapping", name, sename, "", serange, oldsename, "", oldserange);
|
|
semanage_seuser_key_free(k)
|
|
semanage_seuser_free(u)
|
|
|
|
def delete(self, name):
|
|
- (rc,k) = semanage_seuser_key_create(self.sh, name)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not create a key for %s" % name)
|
|
+ try:
|
|
+ (rc,k) = semanage_seuser_key_create(self.sh, name)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not create a key for %s" % name)
|
|
|
|
- (rc,exists) = semanage_seuser_exists(self.sh, k)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not check if login mapping for %s is defined" % name)
|
|
- if not exists:
|
|
- raise ValueError("Login mapping for %s is not defined" % name)
|
|
+ (rc,exists) = semanage_seuser_exists(self.sh, k)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not check if login mapping for %s is defined" % name)
|
|
+ if not exists:
|
|
+ raise ValueError("Login mapping for %s is not defined" % name)
|
|
|
|
- (rc,exists) = semanage_seuser_exists_local(self.sh, k)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not check if login mapping for %s is defined" % name)
|
|
- if not exists:
|
|
- raise ValueError("Login mapping for %s is defined in policy, cannot be deleted" % name)
|
|
+ (rc,exists) = semanage_seuser_exists_local(self.sh, k)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not check if login mapping for %s is defined" % name)
|
|
+ if not exists:
|
|
+ raise ValueError("Login mapping for %s is defined in policy, cannot be deleted" % name)
|
|
|
|
- rc = semanage_begin_transaction(self.sh)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not start semanage transaction")
|
|
+ rc = semanage_begin_transaction(self.sh)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not start semanage transaction")
|
|
|
|
- rc = semanage_seuser_del_local(self.sh, k)
|
|
+ rc = semanage_seuser_del_local(self.sh, k)
|
|
|
|
- if rc < 0:
|
|
- raise ValueError("Could not delete login mapping for %s" % name)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not delete login mapping for %s" % name)
|
|
|
|
- rc = semanage_commit(self.sh)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not delete login mapping for %s" % name)
|
|
-
|
|
+ rc = semanage_commit(self.sh)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not delete login mapping for %s" % name)
|
|
+
|
|
+ except ValueError, error:
|
|
+ mylog.log(0,"delete SELinux user mapping", name);
|
|
+ raise error
|
|
+
|
|
+ mylog.log(1,"delete SELinux user mapping", name);
|
|
semanage_seuser_key_free(k)
|
|
|
|
|
|
@@ -298,150 +360,179 @@
|
|
return ddict
|
|
|
|
def list(self,heading=1):
|
|
- if heading:
|
|
- print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")
|
|
ddict=self.get_all()
|
|
keys=ddict.keys()
|
|
keys.sort()
|
|
- for k in keys:
|
|
- print "%-25s %-25s %-25s" % (k, ddict[k][0], translate(ddict[k][1]))
|
|
+ if is_mls_enabled == 1:
|
|
+ if heading:
|
|
+ print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range")
|
|
+ for k in keys:
|
|
+ print "%-25s %-25s %-25s" % (k, ddict[k][0], translate(ddict[k][1]))
|
|
+ else:
|
|
+ if heading:
|
|
+ print "\n%-25s %-25s\n" % ("Login Name", "SELinux User")
|
|
+ for k in keys:
|
|
+ print "%-25s %-25s %-25s" % (k, ddict[k][0])
|
|
|
|
class seluserRecords(semanageRecords):
|
|
def __init__(self):
|
|
semanageRecords.__init__(self)
|
|
|
|
def add(self, name, roles, selevel, serange):
|
|
- if serange == "":
|
|
- serange = "s0"
|
|
- else:
|
|
- serange = untranslate(serange)
|
|
+ if is_mls_enabled == 1:
|
|
+ if serange == "":
|
|
+ serange = "s0"
|
|
+ else:
|
|
+ serange = untranslate(serange)
|
|
|
|
- if selevel == "":
|
|
- selevel = "s0"
|
|
- else:
|
|
- selevel = untranslate(selevel)
|
|
-
|
|
- (rc,k) = semanage_user_key_create(self.sh, name)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not create a key for %s" % name)
|
|
-
|
|
- (rc,exists) = semanage_user_exists(self.sh, k)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not check if SELinux user %s is defined" % name)
|
|
- if exists:
|
|
- raise ValueError("SELinux user %s is already defined" % name)
|
|
-
|
|
- (rc,u) = semanage_user_create(self.sh)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not create SELinux user for %s" % name)
|
|
+ if selevel == "":
|
|
+ selevel = "s0"
|
|
+ else:
|
|
+ selevel = untranslate(selevel)
|
|
+
|
|
+ seroles=" ".join(roles)
|
|
+ try:
|
|
+ (rc,k) = semanage_user_key_create(self.sh, name)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not create a key for %s" % name)
|
|
|
|
- rc = semanage_user_set_name(self.sh, u, name)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not set name for %s" % name)
|
|
+ (rc,exists) = semanage_user_exists(self.sh, k)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not check if SELinux user %s is defined" % name)
|
|
+ if exists:
|
|
+ raise ValueError("SELinux user %s is already defined" % name)
|
|
|
|
- for r in roles:
|
|
- rc = semanage_user_add_role(self.sh, u, r)
|
|
+ (rc,u) = semanage_user_create(self.sh)
|
|
if rc < 0:
|
|
- raise ValueError("Could not add role %s for %s" % (r, name))
|
|
+ raise ValueError("Could not create SELinux user for %s" % name)
|
|
|
|
- rc = semanage_user_set_mlsrange(self.sh, u, serange)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not set MLS range for %s" % name)
|
|
+ rc = semanage_user_set_name(self.sh, u, name)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not set name for %s" % name)
|
|
|
|
- rc = semanage_user_set_mlslevel(self.sh, u, selevel)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not set MLS level for %s" % name)
|
|
+ for r in roles:
|
|
+ rc = semanage_user_add_role(self.sh, u, r)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not add role %s for %s" % (r, name))
|
|
+
|
|
+ if is_mls_enabled == 1:
|
|
+ rc = semanage_user_set_mlsrange(self.sh, u, serange)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not set MLS range for %s" % name)
|
|
+
|
|
+ rc = semanage_user_set_mlslevel(self.sh, u, selevel)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not set MLS level for %s" % name)
|
|
|
|
- (rc,key) = semanage_user_key_extract(self.sh,u)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not extract key for %s" % name)
|
|
+ (rc,key) = semanage_user_key_extract(self.sh,u)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not extract key for %s" % name)
|
|
|
|
- rc = semanage_begin_transaction(self.sh)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not start semanage transaction")
|
|
+ rc = semanage_begin_transaction(self.sh)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not start semanage transaction")
|
|
|
|
- rc = semanage_user_modify_local(self.sh, k, u)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not add SELinux user %s" % name)
|
|
+ rc = semanage_user_modify_local(self.sh, k, u)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not add SELinux user %s" % name)
|
|
|
|
- rc = semanage_commit(self.sh)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not add SELinux user %s" % name)
|
|
+ rc = semanage_commit(self.sh)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not add SELinux user %s" % name)
|
|
|
|
+ except ValueError, error:
|
|
+ mylog.log(0,"add SELinux user record", name, name, seroles, serange)
|
|
+ raise error
|
|
+
|
|
+ mylog.log(1,"add SELinux user record", name, name, seroles, serange)
|
|
semanage_user_key_free(k)
|
|
semanage_user_free(u)
|
|
|
|
def modify(self, name, roles = [], selevel = "", serange = ""):
|
|
- if len(roles) == 0 and serange == "" and selevel == "":
|
|
- raise ValueError("Requires roles, level or range")
|
|
+ try:
|
|
+ if len(roles) == 0 and serange == "" and selevel == "":
|
|
+ if is_mls_enabled == 1:
|
|
+ raise ValueError("Requires roles, level or range")
|
|
+ else:
|
|
+ raise ValueError("Requires roles")
|
|
|
|
- (rc,k) = semanage_user_key_create(self.sh, name)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not create a key for %s" % name)
|
|
+ (rc,k) = semanage_user_key_create(self.sh, name)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not create a key for %s" % name)
|
|
|
|
- (rc,exists) = semanage_user_exists(self.sh, k)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not check if SELinux user %s is defined" % name)
|
|
- if not exists:
|
|
- raise ValueError("SELinux user %s is not defined" % name)
|
|
-
|
|
- (rc,u) = semanage_user_query(self.sh, k)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not query user for %s" % name)
|
|
+ (rc,exists) = semanage_user_exists(self.sh, k)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not check if SELinux user %s is defined" % name)
|
|
+ if not exists:
|
|
+ raise ValueError("SELinux user %s is not defined" % name)
|
|
|
|
- if serange != "":
|
|
- semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
|
|
- if selevel != "":
|
|
- semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
|
|
-
|
|
- if len(roles) != 0:
|
|
- for r in roles:
|
|
- semanage_user_add_role(self.sh, u, r)
|
|
+ (rc,u) = semanage_user_query(self.sh, k)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not query user for %s" % name)
|
|
|
|
- rc = semanage_begin_transaction(self.sh)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not start semanage transaction")
|
|
+ if serange != "":
|
|
+ semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
|
|
+ if selevel != "":
|
|
+ semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
|
|
+
|
|
+ if len(roles) != 0:
|
|
+ for r in roles:
|
|
+ semanage_user_add_role(self.sh, u, r)
|
|
|
|
- rc = semanage_user_modify_local(self.sh, k, u)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not modify SELinux user %s" % name)
|
|
+ rc = semanage_begin_transaction(self.sh)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not start semanage transaction")
|
|
|
|
- rc = semanage_commit(self.sh)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not modify SELinux user %s" % name)
|
|
+ rc = semanage_user_modify_local(self.sh, k, u)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not modify SELinux user %s" % name)
|
|
+
|
|
+ rc = semanage_commit(self.sh)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not modify SELinux user %s" % name)
|
|
+
|
|
+ except ValueError, error:
|
|
+ mylog.log(0,"modify SELinux user record", name, seuser, seroles, serange, oldseuser, oldseroles, olrserange)
|
|
+ raise error
|
|
|
|
+ mylog.log(1,"modify SELinux user record", name, seuser, seroles, serange, oldseuser, oldseroles, olrserange)
|
|
semanage_user_key_free(k)
|
|
semanage_user_free(u)
|
|
|
|
def delete(self, name):
|
|
- (rc,k) = semanage_user_key_create(self.sh, name)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not create a key for %s" % name)
|
|
-
|
|
- (rc,exists) = semanage_user_exists(self.sh, k)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not check if SELinux user %s is defined" % name)
|
|
- if not exists:
|
|
- raise ValueError("SELinux user %s is not defined" % name)
|
|
+ try:
|
|
+ (rc,k) = semanage_user_key_create(self.sh, name)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not create a key for %s" % name)
|
|
+
|
|
+ (rc,exists) = semanage_user_exists(self.sh, k)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not check if SELinux user %s is defined" % name)
|
|
+ if not exists:
|
|
+ raise ValueError("SELinux user %s is not defined" % name)
|
|
|
|
- (rc,exists) = semanage_user_exists_local(self.sh, k)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not check if SELinux user %s is defined" % name)
|
|
- if not exists:
|
|
- raise ValueError("SELinux user %s is defined in policy, cannot be deleted" % name)
|
|
+ (rc,exists) = semanage_user_exists_local(self.sh, k)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not check if SELinux user %s is defined" % name)
|
|
+ if not exists:
|
|
+ raise ValueError("SELinux user %s is defined in policy, cannot be deleted" % name)
|
|
|
|
- rc = semanage_begin_transaction(self.sh)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not start semanage transaction")
|
|
+ rc = semanage_begin_transaction(self.sh)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not start semanage transaction")
|
|
|
|
- rc = semanage_user_del_local(self.sh, k)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not delete SELinux user %s" % name)
|
|
+ rc = semanage_user_del_local(self.sh, k)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not delete SELinux user %s" % name)
|
|
|
|
- rc = semanage_commit(self.sh)
|
|
- if rc < 0:
|
|
- raise ValueError("Could not delete SELinux user %s" % name)
|
|
+ rc = semanage_commit(self.sh)
|
|
+ if rc < 0:
|
|
+ raise ValueError("Could not delete SELinux user %s" % name)
|
|
+ except ValueError, error:
|
|
+ mylog.log(0,"delete SELinux user record", name)
|
|
+ raise error
|
|
|
|
+ mylog.log(1,"delete SELinux user record", name)
|
|
semanage_user_key_free(k)
|
|
|
|
def get_all(self):
|
|
@@ -462,14 +553,20 @@
|
|
return ddict
|
|
|
|
def list(self, heading=1):
|
|
- if heading:
|
|
- print "\n%-15s %-10s %-30s" % ("", "MLS/", "MLS/")
|
|
- print "%-15s %-10s %-30s %s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
|
|
ddict=self.get_all()
|
|
keys=ddict.keys()
|
|
keys.sort()
|
|
- for k in keys:
|
|
- print "%-15s %-10s %-30s %s" % (k, translate(ddict[k][0]), translate(ddict[k][1]), ddict[k][2])
|
|
+ if is_mls_enabled == 1:
|
|
+ if heading:
|
|
+ print "\n%-15s %-10s %-30s" % ("", "MLS/", "MLS/")
|
|
+ print "%-15s %-10s %-30s %s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles")
|
|
+ for k in keys:
|
|
+ print "%-15s %-10s %-30s %s" % (k, translate(ddict[k][0]), translate(ddict[k][1]), ddict[k][2])
|
|
+ else:
|
|
+ if heading:
|
|
+ print "%-15s %s\n" % ("SELinux User", "SELinux Roles")
|
|
+ for k in keys:
|
|
+ print "%-15s %s" % (k, ddict[k][2])
|
|
|
|
class portRecords(semanageRecords):
|
|
def __init__(self):
|
|
@@ -500,10 +597,11 @@
|
|
return ( k, proto_d, low, high )
|
|
|
|
def add(self, port, proto, serange, type):
|
|
- if serange == "":
|
|
- serange="s0"
|
|
- else:
|
|
- serange=untranslate(serange)
|
|
+ if is_mls_enabled == 1:
|
|
+ if serange == "":
|
|
+ serange="s0"
|
|
+ else:
|
|
+ serange=untranslate(serange)
|
|
|
|
if type == "":
|
|
raise ValueError("Type is required")
|
|
@@ -564,7 +662,10 @@
|
|
|
|
def modify(self, port, proto, serange, setype):
|
|
if serange == "" and setype == "":
|
|
- raise ValueError("Requires setype or serange")
|
|
+ if is_mls_enabled == 1:
|
|
+ raise ValueError("Requires setype or serange")
|
|
+ else:
|
|
+ raise ValueError("Requires setype")
|
|
|
|
( k, proto_d, low, high ) = self.__genkey(port, proto)
|
|
|
|
@@ -688,10 +789,11 @@
|
|
semanageRecords.__init__(self)
|
|
|
|
def add(self, interface, serange, ctype):
|
|
- if serange == "":
|
|
- serange="s0"
|
|
- else:
|
|
- serange=untranslate(serange)
|
|
+ if is_mls_enabled == 1:
|
|
+ if serange == "":
|
|
+ serange="s0"
|
|
+ else:
|
|
+ serange=untranslate(serange)
|
|
|
|
if ctype == "":
|
|
raise ValueError("SELinux Type is required")
|
|
@@ -869,14 +971,14 @@
|
|
self.file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE;
|
|
|
|
|
|
- def add(self, target, type, ftype="", serange="s0", seuser="system_u"):
|
|
+ def add(self, target, type, ftype="", serange="", seuser="system_u"):
|
|
if seuser == "":
|
|
seuser="system_u"
|
|
-
|
|
- if serange == "":
|
|
- serange="s0"
|
|
- else:
|
|
- serange=untranslate(serange)
|
|
+ if is_mls_enabled == 1:
|
|
+ if serange == "":
|
|
+ serange="s0"
|
|
+ else:
|
|
+ serange=untranslate(serange)
|
|
|
|
if type == "":
|
|
raise ValueError("SELinux Type is required")
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/setsebool/Makefile policycoreutils-1.29.26/setsebool/Makefile
|
|
--- nsapolicycoreutils/setsebool/Makefile 2005-11-04 15:37:49.000000000 -0500
|
|
+++ policycoreutils-1.29.26/setsebool/Makefile 2006-02-25 06:56:54.000000000 -0500
|
|
@@ -17,6 +17,8 @@
|
|
install: all
|
|
-mkdir -p $(SBINDIR)
|
|
install -m 755 setsebool $(SBINDIR)
|
|
+ -mkdir -p $(MANDIR)/man8
|
|
+ install -m 644 setsebool.8 $(MANDIR)/man8/
|
|
|
|
relabel:
|
|
|