diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/debugfiles.list policycoreutils-2.0.62/debugfiles.list
--- nsapolicycoreutils/debugfiles.list	1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/debugfiles.list	2009-04-03 14:13:23.000000000 -0400
@@ -0,0 +1,64 @@
+%dir /usr/lib/debug
+%dir /usr/lib/debug/sbin
+%dir /usr/lib/debug/.build-id
+%dir /usr/lib/debug/.build-id/3d
+%dir /usr/lib/debug/.build-id/ec
+%dir /usr/lib/debug/.build-id/9d
+%dir /usr/lib/debug/.build-id/cb
+%dir /usr/lib/debug/.build-id/bc
+%dir /usr/lib/debug/.build-id/0a
+%dir /usr/lib/debug/.build-id/81
+%dir /usr/lib/debug/.build-id/ad
+%dir /usr/lib/debug/.build-id/7f
+%dir /usr/lib/debug/.build-id/f4
+%dir /usr/lib/debug/.build-id/15
+%dir /usr/lib/debug/.build-id/1d
+%dir /usr/lib/debug/.build-id/a8
+%dir /usr/lib/debug/.build-id/d3
+%dir /usr/lib/debug/usr
+%dir /usr/lib/debug/usr/sbin
+%dir /usr/lib/debug/usr/bin
+/usr/lib/debug/sbin/setfiles.debug
+/usr/lib/debug/sbin/restorecon.debug
+/usr/lib/debug/.build-id/3d/c26411dac65290297678f68c7d65c43039df70.debug
+/usr/lib/debug/.build-id/3d/c26411dac65290297678f68c7d65c43039df70
+/usr/lib/debug/.build-id/ec/2012afb3f104620e1d260c932419e6391474ab
+/usr/lib/debug/.build-id/ec/2012afb3f104620e1d260c932419e6391474ab.debug
+/usr/lib/debug/.build-id/9d/511790c5b6141b50c55b8fe8bc032d84827665.debug
+/usr/lib/debug/.build-id/9d/511790c5b6141b50c55b8fe8bc032d84827665
+/usr/lib/debug/.build-id/cb/29543b91147fcf47889d52fa8375c3a388dcce
+/usr/lib/debug/.build-id/cb/29543b91147fcf47889d52fa8375c3a388dcce.debug
+/usr/lib/debug/.build-id/bc/36b9f43fecf5bdb7cbc3780aea1de9a7192865
+/usr/lib/debug/.build-id/bc/36b9f43fecf5bdb7cbc3780aea1de9a7192865.debug
+/usr/lib/debug/.build-id/0a/2965fb8a1c2359677db2cd583f4caa9b79e082.debug
+/usr/lib/debug/.build-id/0a/2965fb8a1c2359677db2cd583f4caa9b79e082
+/usr/lib/debug/.build-id/81/4a2dc779e8dc03a30550b17393f4bf38cc3401.debug
+/usr/lib/debug/.build-id/81/4a2dc779e8dc03a30550b17393f4bf38cc3401
+/usr/lib/debug/.build-id/ad/d96fe93d52caa86fd8119e3a250b3ff1afc8be.debug
+/usr/lib/debug/.build-id/ad/d96fe93d52caa86fd8119e3a250b3ff1afc8be
+/usr/lib/debug/.build-id/7f/d8c1148b921ee7ce357dcc4827a35074d8744a.debug
+/usr/lib/debug/.build-id/7f/d8c1148b921ee7ce357dcc4827a35074d8744a
+/usr/lib/debug/.build-id/f4/3cc2016abf9b6152b720b604ffc7b05ada92b7.debug
+/usr/lib/debug/.build-id/f4/3cc2016abf9b6152b720b604ffc7b05ada92b7
+/usr/lib/debug/.build-id/15/cbead7609477306808e0d90860e7e0d69ccac8.debug
+/usr/lib/debug/.build-id/15/cbead7609477306808e0d90860e7e0d69ccac8
+/usr/lib/debug/.build-id/1d/b4d0c26d77215c7e45aa7da8d6622ec413951f.debug
+/usr/lib/debug/.build-id/1d/b4d0c26d77215c7e45aa7da8d6622ec413951f
+/usr/lib/debug/.build-id/a8/4bb87bec28cd2e948c72529f4640d56178107b
+/usr/lib/debug/.build-id/a8/4bb87bec28cd2e948c72529f4640d56178107b.debug
+/usr/lib/debug/.build-id/d3/a79f853588fb732304975cb781fe37f686e5b9
+/usr/lib/debug/.build-id/d3/a79f853588fb732304975cb781fe37f686e5b9.debug
+/usr/lib/debug/usr/sbin/load_policy.debug
+/usr/lib/debug/usr/sbin/restorecond.debug
+/usr/lib/debug/usr/sbin/semodule.debug
+/usr/lib/debug/usr/sbin/sestatus.debug
+/usr/lib/debug/usr/sbin/setsebool.debug
+/usr/lib/debug/usr/sbin/open_init_pty.debug
+/usr/lib/debug/usr/sbin/run_init.debug
+/usr/lib/debug/usr/bin/semodule_package.debug
+/usr/lib/debug/usr/bin/newrole.debug
+/usr/lib/debug/usr/bin/semodule_link.debug
+/usr/lib/debug/usr/bin/semodule_deps.debug
+/usr/lib/debug/usr/bin/semodule_expand.debug
+/usr/lib/debug/usr/bin/secon.debug
+/usr/src/debug/policycoreutils-2.0.62
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/debuglinks.list policycoreutils-2.0.62/debuglinks.list
--- nsapolicycoreutils/debuglinks.list	1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/debuglinks.list	2009-04-03 14:13:23.000000000 -0400
@@ -0,0 +1,29 @@
+/usr/lib/debug/.build-id/f4/3cc2016abf9b6152b720b604ffc7b05ada92b7 /sbin/setfiles
+/usr/lib/debug/.build-id/f4/3cc2016abf9b6152b720b604ffc7b05ada92b7.debug /usr/lib/debug/sbin/setfiles.debug
+/usr/lib/debug/.build-id/3d/c26411dac65290297678f68c7d65c43039df70 /usr/sbin/open_init_pty
+/usr/lib/debug/.build-id/3d/c26411dac65290297678f68c7d65c43039df70.debug /usr/lib/debug/usr/sbin/open_init_pty.debug
+/usr/lib/debug/.build-id/15/cbead7609477306808e0d90860e7e0d69ccac8 /usr/sbin/sestatus
+/usr/lib/debug/.build-id/15/cbead7609477306808e0d90860e7e0d69ccac8.debug /usr/lib/debug/usr/sbin/sestatus.debug
+/usr/lib/debug/.build-id/81/4a2dc779e8dc03a30550b17393f4bf38cc3401 /usr/sbin/semodule
+/usr/lib/debug/.build-id/81/4a2dc779e8dc03a30550b17393f4bf38cc3401.debug /usr/lib/debug/usr/sbin/semodule.debug
+/usr/lib/debug/.build-id/d3/a79f853588fb732304975cb781fe37f686e5b9 /usr/sbin/load_policy
+/usr/lib/debug/.build-id/d3/a79f853588fb732304975cb781fe37f686e5b9.debug /usr/lib/debug/usr/sbin/load_policy.debug
+/usr/lib/debug/.build-id/a8/4bb87bec28cd2e948c72529f4640d56178107b /usr/sbin/run_init
+/usr/lib/debug/.build-id/a8/4bb87bec28cd2e948c72529f4640d56178107b.debug /usr/lib/debug/usr/sbin/run_init.debug
+/usr/lib/debug/.build-id/7f/d8c1148b921ee7ce357dcc4827a35074d8744a /usr/sbin/restorecond
+/usr/lib/debug/.build-id/7f/d8c1148b921ee7ce357dcc4827a35074d8744a.debug /usr/lib/debug/usr/sbin/restorecond.debug
+/usr/lib/debug/.build-id/ec/2012afb3f104620e1d260c932419e6391474ab /usr/sbin/setsebool
+/usr/lib/debug/.build-id/ec/2012afb3f104620e1d260c932419e6391474ab.debug /usr/lib/debug/usr/sbin/setsebool.debug
+/usr/lib/debug/.build-id/bc/36b9f43fecf5bdb7cbc3780aea1de9a7192865 /usr/bin/secon
+/usr/lib/debug/.build-id/bc/36b9f43fecf5bdb7cbc3780aea1de9a7192865.debug /usr/lib/debug/usr/bin/secon.debug
+/usr/lib/debug/.build-id/1d/b4d0c26d77215c7e45aa7da8d6622ec413951f /usr/bin/newrole
+/usr/lib/debug/.build-id/1d/b4d0c26d77215c7e45aa7da8d6622ec413951f.debug /usr/lib/debug/usr/bin/newrole.debug
+/usr/lib/debug/.build-id/0a/2965fb8a1c2359677db2cd583f4caa9b79e082 /usr/bin/semodule_link
+/usr/lib/debug/.build-id/0a/2965fb8a1c2359677db2cd583f4caa9b79e082.debug /usr/lib/debug/usr/bin/semodule_link.debug
+/usr/lib/debug/.build-id/ad/d96fe93d52caa86fd8119e3a250b3ff1afc8be /usr/bin/semodule_expand
+/usr/lib/debug/.build-id/ad/d96fe93d52caa86fd8119e3a250b3ff1afc8be.debug /usr/lib/debug/usr/bin/semodule_expand.debug
+/usr/lib/debug/.build-id/cb/29543b91147fcf47889d52fa8375c3a388dcce /usr/bin/semodule_package
+/usr/lib/debug/.build-id/cb/29543b91147fcf47889d52fa8375c3a388dcce.debug /usr/lib/debug/usr/bin/semodule_package.debug
+/usr/lib/debug/.build-id/9d/511790c5b6141b50c55b8fe8bc032d84827665 /usr/bin/semodule_deps
+/usr/lib/debug/.build-id/9d/511790c5b6141b50c55b8fe8bc032d84827665.debug /usr/lib/debug/usr/bin/semodule_deps.debug
+/usr/lib/debug/sbin/restorecon.debug /usr/lib/debug/sbin/setfiles.debug
Binary files nsapolicycoreutils/debugsources.list and policycoreutils-2.0.62/debugsources.list differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.62/Makefile
--- nsapolicycoreutils/Makefile	2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.62/Makefile	2009-04-03 14:12:56.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
 
 INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
 
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.62/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf	2009-02-18 16:44:47.000000000 -0500
+++ policycoreutils-2.0.62/restorecond/restorecond.conf	2009-04-03 14:12:56.000000000 -0400
@@ -5,3 +5,7 @@
 /var/run/utmp
 /var/log/wtmp
 ~/*
+/root/.ssh
+/root/.ssh/*
+
+
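Review bot: The two empty lines added after `/root/.ssh/*` look unintentional and should be dropped so the file ends at its last entry; whether restorecond's parser skips blank entries is not visible in this diff. The new entries cover `/root/.ssh` and its direct children only, so anything created in a subdirectory would keep the label it was created with. If the intent is to keep root's SSH key files correctly labelled when they are recreated, say so in the change description, since it is not obvious why root is listed separately from `~/*`.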
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.62/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles	2009-02-18 16:44:47.000000000 -0500
+++ policycoreutils-2.0.62/scripts/fixfiles	2009-04-03 14:12:56.000000000 -0400
@@ -122,7 +122,7 @@
 fi
 if [ ! -z "$RPMFILES" ]; then
     for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
-	rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -i -f - 2>&1 >> $LOGFILE
+	rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -R -i -f - 2>&1 >> $LOGFILE
     done
     exit $?
 fi
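Review bot: Adding `-R` widens the scope of the RPMFILES path: if `rpmlist` (defined outside this hunk) emits the directories a package owns as well as its files, restorecon now descends into each of them and relabels content that does not belong to the package. If that is intended, state it in a comment above the loop, e.g. `# -R: also relabel everything beneath directories the package owns`. On the same line, `2>&1 >> $LOGFILE` points stderr at the terminal before stdout is redirected, so relabel errors never reach the log; `>> $LOGFILE 2>&1` captures both. The `exit $?` after the loop reports only the status of the last package processed.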
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.62/semanage/semanage
--- nsapolicycoreutils/semanage/semanage	2009-02-18 16:44:47.000000000 -0500
+++ policycoreutils-2.0.62/semanage/semanage	2009-04-08 21:39:50.000000000 -0400
@@ -50,7 +50,7 @@
 semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
 semanage interface -{a|d|m} [-tr] interface_spec
 semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
-semanage fcontext -{a|d|m} [-frst] file_spec
+semanage fcontext -{a|d|m} [-frst] [-e path ] file_spec
 semanage translation -{a|d|m} [-T] level
 semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
 semanage permissive -{d|a} type
@@ -84,6 +84,7 @@
         -F, --file       Treat target as an input file for command, change multiple settings
 	-p, --proto      Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
 	-M, --mask       Netmask
+        -e, --equil      Make target equil to this paths labeling
 	-P, --prefix     Prefix for home directory labeling
 	-L, --level      Default SELinux Level (MLS/MCS Systems only)
 	-R, --roles      SELinux Roles (ex: "sysadm_r staff_r")
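Review bot: The new help line `-e, --equil      Make target equil to this paths labeling` is misspelled and hard to parse; something like `-e, --equal      Label target the same as this path` states the behaviour plainly. The long option name becomes part of the command-line interface once released, so the spelling is worth fixing now, in this line, in `valid_option["fcontext"]` and in the `getopt` long-option list in the later hunks, rather than carrying an alias afterwards.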
@@ -115,7 +116,7 @@
 		valid_option["node"] = []
 		valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
 		valid_option["fcontext"] = []
-		valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser',  '-t', '--type', '-r', '--range'] 
+		valid_option["fcontext"] += valid_everyone + [ '-e', '--equil', '-f', '--ftype', '-s', '--seuser',  '-t', '--type', '-r', '--range'] 
 		valid_option["translation"] = []
 		valid_option["translation"] += valid_everyone + [ '-T', '--trans' ] 
 		valid_option["boolean"] = []
@@ -192,6 +193,7 @@
 		locallist = False
 		use_file = False
                 store = ""
+                equil=""
 			
 		object = argv[0]
 		option_dict=get_options()
@@ -201,10 +203,11 @@
 		args = argv[1:]
 
 		gopts, cmds = getopt.getopt(args,
-					    '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:M:',
+					    '01ade:f:i:lhmnp:s:FCDR:L:r:t:T:P:S:M:',
 					    ['add',
 					     'delete',
 					     'deleteall',
+					     'equil=',
 					     'ftype=',
 					     'file',
 					     'help',
@@ -248,6 +251,9 @@
 			if o == "-f"  or o == "--ftype":
 				ftype=a
 
+			if o == "-e"  or o == "--equil":
+				equil=a
+
 			if o == "-F"  or o == "--file":
 				use_file = True
 
@@ -366,7 +372,10 @@
 				OBJECT.add(target, mask, proto, serange, setype)
 
 			if object == "fcontext":
-				OBJECT.add(target, setype, ftype, serange, seuser)
+                                if equil == "":
+                                       OBJECT.add(target, setype, ftype, serange, seuser)
+                                else:
+                                       OBJECT.add_equil(target, equil)
 			if object == "permissive":
 				OBJECT.add(target)
 
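Review bot: When `-e` is given, the `fcontext` branch calls `OBJECT.add_equil(target, equil)` and silently discards any `-t`, `-r` or `-s` value supplied on the same command line; the `modify_equil` branch in the next hunk does the same. Rejecting the combination before dispatch, e.g. `if equil != "" and (setype != "" or serange != "" or seuser != ""): raise ValueError(_("-e cannot be combined with -t, -r or -s"))` (assuming these default to the empty string; their initialisation is outside the hunk), keeps an administrator from believing an explicit type was applied when it was not. The delete branch further down still calls only `OBJECT.delete(target, ftype)`, so there appears to be no way to remove an equivalence through this interface. `add_equil` and `modify_equil` are not defined in the part of seobject.py visible here, so confirm they ship with this change.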
@@ -396,7 +405,10 @@
 				OBJECT.modify(target, mask, proto, serange, setype)
 
 			if object == "fcontext":
-				OBJECT.modify(target, setype, ftype, serange, seuser)
+                                if equil == "":
+                                       OBJECT.modify(target, setype, ftype, serange, seuser)
+                                else:
+                                       OBJECT.modify_equil(target, equil)
 
                         return
 
@@ -405,7 +417,7 @@
 				OBJECT.delete(target, proto)
 
 			elif object == "fcontext":
-				OBJECT.delete(target, ftype)
+                                OBJECT.delete(target, ftype)
 
 			elif object == "node":
 				OBJECT.delete(target, mask, proto)
@@ -464,10 +476,10 @@
                       else:
                              fd = open(input, 'r')
                       trans = seobject.semanageRecords(store)
-                      trans.begin()
+                      trans.start()
                       for l in fd.readlines():
                              process_args(mkargv(l))
-                      trans.commit()
+                      trans.finish()
                else:
                       process_args(sys.argv[1:])
 			
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.62/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py	2008-11-14 17:10:15.000000000 -0500
+++ policycoreutils-2.0.62/semanage/seobject.py	2009-04-08 22:01:48.000000000 -0400
@@ -23,14 +23,14 @@
 
 import pwd, grp, string, selinux, tempfile, os, re, sys
 from semanage import *;
-PROGNAME="policycoreutils"
+PROGNAME = "policycoreutils"
 import sepolgen.module as module
 
 import gettext
 gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
 gettext.textdomain(PROGNAME)
 try:
-       gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
+       gettext.install(PROGNAME, localedir = "/usr/share/locale", unicode = 1)
 except IOError:
        import __builtin__
        __builtin__.__dict__['_'] = unicode
@@ -96,7 +96,7 @@
 			self.audit_fd = audit.audit_open()
 
 		def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""):
-			audit.audit_log_semanage_message(self.audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],str(msg), name, 0, sename, serole, serange, old_sename, old_serole, old_serange, "", "", "", success);
+			audit.audit_log_semanage_message(self.audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0], str(msg), name, 0, sename, serole, serange, old_sename, old_serole, old_serange, "", "", "", success);
 except:
 	class logger:
 		def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""):
@@ -104,7 +104,7 @@
 				message = "Successful: "
 			else:
 				message = "Failed: "
-			message += " %s name=%s" % (msg,name)
+			message += " %s name=%s" % (msg, name)
 			if sename != "":
 				message += " sename=" + sename
 			if old_sename != "":
@@ -123,9 +123,9 @@
 
 import xml.etree.ElementTree
 
-booleans_dict={}
+booleans_dict = {}
 try:
-       tree=xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml")
+       tree = xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml")
        for l in  tree.findall("layer"):
               for m in  l.findall("module"):
                      for b in  m.findall("tunable"):
@@ -160,12 +160,12 @@
 	cat_range = category + "(\." + category +")?"
 	categories = cat_range + "(\," + cat_range + ")*"
 	reg = sensitivity + "(-" + sensitivity + ")?" + "(:" + categories + ")?"
-	return re.search("^" + reg +"$",raw)
+	return re.search("^" + reg +"$", raw)
 
 def translate(raw, prepend = 1):
-        filler="a:b:c:"
+        filler = "a:b:c:"
         if prepend == 1:
-		context = "%s%s" % (filler,raw)
+		context = "%s%s" % (filler, raw)
 	else:
 		context = raw
 	(rc, trans) = selinux.selinux_raw_to_trans_context(context)
@@ -179,9 +179,9 @@
 		return trans
 	
 def untranslate(trans, prepend = 1):
-        filler="a:b:c:"
+        filler = "a:b:c:"
  	if prepend == 1:
-		context = "%s%s" % (filler,trans)
+		context = "%s%s" % (filler, trans)
 	else:
 		context = trans
 
@@ -234,7 +234,7 @@
 			rec += "%s=%s\n" %  (k, self.ddict[k])
 		return rec
 	
-	def list(self,heading = 1, locallist = 0):
+	def list(self, heading = 1, locallist = 0):
 		if heading:
 			print "\n%-25s %s\n" % (_("Level"), _("Translation"))
 		keys = self.ddict.keys()
@@ -281,15 +281,20 @@
                global handle
                       
                if handle != None:
-                      self.transaction = True
                       self.sh = handle
                else:
-                      self.sh=get_handle(store)
-                      self.transaction = False
+                      self.sh = get_handle(store)
+               self.transaction = False
 
         def deleteall(self):
                raise ValueError(_("Not yet implemented"))
 
+        def start(self):
+               if self.transaction:
+                      raise ValueError(_("Semanage transaction already in progress"))
+               self.begin()
+               self.transaction = True
+
         def begin(self):
                if self.transaction:
                       return
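Review bot: `start()` sets `self.transaction = True` only on the instance it is called on, while `__init__` now sets `self.transaction = False` on every instance, including those that reuse the global `handle`. In the batch path in semanage, `trans.start()` is called on a separate `semanageRecords` object, so the record objects that `process_args` presumably creates afterwards still see `False` and their `begin()` does not take the early return shown here (`commit()` presumably behaves likewise; its guard is outside the hunk). If the flag is meant to suppress per-record commits during a batch, it has to be shared, for example a class attribute `semanageRecords.transaction` read and written by `start()`, `begin()`, `commit()` and `finish()`. `begin()` continues past the end of this hunk.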
@@ -303,6 +308,12 @@
                if rc < 0:
                       raise ValueError(_("Could not commit semanage transaction"))
 
+        def finish(self):
+               if not self.transaction:
+                      raise ValueError(_("Semanage transaction not in progress"))
+               self.transaction = False
+               self.commit()
+
 class permissiveRecords(semanageRecords):
 	def __init__(self, store):
                semanageRecords.__init__(self, store)
@@ -320,7 +331,7 @@
                              l.append(name.split("permissive_")[1])
                return l
 
-	def list(self,heading = 1, locallist = 0):
+	def list(self, heading = 1, locallist = 0):
 		if heading:
 			print "\n%-25s\n" % (_("Permissive Types"))
                 for t in self.get_all():
@@ -328,6 +339,7 @@
 
 
 	def add(self, type):
+               import glob
                name = "permissive_%s" % type
                dirname = "/var/lib/selinux"
                os.chdir(dirname)
@@ -341,7 +353,7 @@
 
 permissive %s;
 """ % (name, type, type)
-               fd = open(filename,'w')
+               fd = open(filename, 'w')
                fd.write(modtxt)
                fd.close()
                mc = module.ModuleCompiler()
@@ -351,16 +363,19 @@
                fd.close()
 
                rc = semanage_module_install(self.sh, data, len(data));
-               if rc < 0:
-			raise ValueError(_("Could not set permissive domain %s (module installation failed)") % name)
-
-               self.commit()
+               if rc >= 0:
+                      self.commit()
 
-               for root, dirs, files in os.walk("tmp", topdown=False):
+               for root, dirs, files in os.walk("tmp", topdown = False):
                       for name in files:
                              os.remove(os.path.join(root, name))
                       for name in dirs:
                              os.rmdir(os.path.join(root, name))
+               os.removedirs("tmp")
+               for i in glob.glob("permissive_%s.*" % type):
+                      os.remove(i)
+               if rc < 0:
+			raise ValueError(_("Could not set permissive domain %s (module installation failed)") % name)
 
 	def delete(self, name):
                for n in name.split():
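Review bot: The relocated `raise ValueError(... % name)` now runs after the `os.walk` loop, which rebinds `name` to each removed file and directory, so the message can report a leftover temp-file name instead of `permissive_<type>`. Cleanup is also skipped whenever `self.commit()` raises; wrapping the check and commit in `try`/`finally`, as below, keeps the original order and still always cleans up. Separately, `type` is interpolated straight into `glob.glob("permissive_%s.*" % type)`; if it is not validated elsewhere, glob metacharacters in it would widen what is removed from the working directory. `add` begins before this hunk.

```python
               rc = semanage_module_install(self.sh, data, len(data));
               try:
                      if rc < 0:
                             raise ValueError(_("Could not set permissive domain %s (module installation failed)") % name)
                      self.commit()
               finally:
                      # … unchanged, one level deeper: os.walk("tmp") removal loop, os.removedirs("tmp"), glob cleanup …
```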
@@ -390,11 +405,11 @@
 		if sename == "":
 			sename = "user_u"
 			
-		(rc,k) = semanage_seuser_key_create(self.sh, name)
+		(rc, k) = semanage_seuser_key_create(self.sh, name)
 		if rc < 0:
 			raise ValueError(_("Could not create a key for %s") % name)
 
-		(rc,exists) = semanage_seuser_exists(self.sh, k)
+		(rc, exists) = semanage_seuser_exists(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not check if login mapping for %s is defined") % name)
 		if exists:
@@ -410,7 +425,7 @@
                        except:
                               raise ValueError(_("Linux User %s does not exist") % name)
 
-                (rc,u) = semanage_seuser_create(self.sh)
+                (rc, u) = semanage_seuser_create(self.sh)
                 if rc < 0:
                        raise ValueError(_("Could not create login mapping for %s") % name)
 
@@ -450,17 +465,17 @@
                if sename == "" and serange == "":
                       raise ValueError(_("Requires seuser or serange"))
 
-               (rc,k) = semanage_seuser_key_create(self.sh, name)
+               (rc, k) = semanage_seuser_key_create(self.sh, name)
                if rc < 0:
                       raise ValueError(_("Could not create a key for %s") % name)
 
-               (rc,exists) = semanage_seuser_exists(self.sh, k)
+               (rc, exists) = semanage_seuser_exists(self.sh, k)
                if rc < 0:
                       raise ValueError(_("Could not check if login mapping for %s is defined") % name)
                if not exists:
                       raise ValueError(_("Login mapping for %s is not defined") % name)
 
-               (rc,u) = semanage_seuser_query(self.sh, k)
+               (rc, u) = semanage_seuser_query(self.sh, k)
                if rc < 0:
                       raise ValueError(_("Could not query seuser for %s") % name)
 
@@ -483,7 +498,7 @@
                semanage_seuser_key_free(k)
                semanage_seuser_free(u)
 
-               mylog.log(1,"modify selinux user mapping", name, sename, "", serange, oldsename, "", oldserange);
+               mylog.log(1, "modify selinux user mapping", name, sename, "", serange, oldsename, "", oldserange);
 
 	def modify(self, name, sename = "", serange = ""):
 		try:
@@ -492,21 +507,21 @@
                         self.commit()
 
 		except ValueError, error:
-			mylog.log(0,"modify selinux user mapping", name, sename,"", serange, "", "", "");
+			mylog.log(0, "modify selinux user mapping", name, sename, "", serange, "", "", "");
 			raise error
 		
 	def __delete(self, name):
-               (rc,k) = semanage_seuser_key_create(self.sh, name)
+               (rc, k) = semanage_seuser_key_create(self.sh, name)
                if rc < 0:
                       raise ValueError(_("Could not create a key for %s") % name)
 
-               (rc,exists) = semanage_seuser_exists(self.sh, k)
+               (rc, exists) = semanage_seuser_exists(self.sh, k)
                if rc < 0:
                       raise ValueError(_("Could not check if login mapping for %s is defined") % name)
                if not exists:
                       raise ValueError(_("Login mapping for %s is not defined") % name)
 
-               (rc,exists) = semanage_seuser_exists_local(self.sh, k)
+               (rc, exists) = semanage_seuser_exists_local(self.sh, k)
                if rc < 0:
                       raise ValueError(_("Could not check if login mapping for %s is defined") % name)
                if not exists:
@@ -525,10 +540,10 @@
                        self.commit()
 
 		except ValueError, error:
-			mylog.log(0,"delete SELinux user mapping", name);
+			mylog.log(0, "delete SELinux user mapping", name);
 			raise error
 		
-		mylog.log(1,"delete SELinux user mapping", name);
+		mylog.log(1, "delete SELinux user mapping", name);
 
 	def get_all(self, locallist = 0):
 		ddict = {}
@@ -578,17 +593,17 @@
                 if len(roles) < 1:
                        raise ValueError(_("You must add at least one role for %s") % name)
                        
-                (rc,k) = semanage_user_key_create(self.sh, name)
+                (rc, k) = semanage_user_key_create(self.sh, name)
                 if rc < 0:
                        raise ValueError(_("Could not create a key for %s") % name)
 
-                (rc,exists) = semanage_user_exists(self.sh, k)
+                (rc, exists) = semanage_user_exists(self.sh, k)
                 if rc < 0:
                        raise ValueError(_("Could not check if SELinux user %s is defined") % name)
                 if exists:
                        raise ValueError(_("SELinux user %s is already defined") % name)
 
-                (rc,u) = semanage_user_create(self.sh)
+                (rc, u) = semanage_user_create(self.sh)
                 if rc < 0:
                        raise ValueError(_("Could not create SELinux user for %s") % name)
 
@@ -612,7 +627,7 @@
                 rc = semanage_user_set_prefix(self.sh, u, prefix)
                 if rc < 0:
                        raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
-                (rc,key) = semanage_user_key_extract(self.sh,u)
+                (rc, key) = semanage_user_key_extract(self.sh,u)
                 if rc < 0:
                        raise ValueError(_("Could not extract key for %s") % name)
 
@@ -645,17 +660,17 @@
                        else:
                               raise ValueError(_("Requires prefix or roles"))
 
-                (rc,k) = semanage_user_key_create(self.sh, name)
+                (rc, k) = semanage_user_key_create(self.sh, name)
                 if rc < 0:
                        raise ValueError(_("Could not create a key for %s") % name)
 
-                (rc,exists) = semanage_user_exists(self.sh, k)
+                (rc, exists) = semanage_user_exists(self.sh, k)
                 if rc < 0:
                        raise ValueError(_("Could not check if SELinux user %s is defined") % name)
                 if not exists:
                        raise ValueError(_("SELinux user %s is not defined") % name)
 
-                (rc,u) = semanage_user_query(self.sh, k)
+                (rc, u) = semanage_user_query(self.sh, k)
                 if rc < 0:
                        raise ValueError(_("Could not query user for %s") % name)
 
@@ -703,17 +718,17 @@
 			raise error
 
 	def __delete(self, name):
-               (rc,k) = semanage_user_key_create(self.sh, name)
+               (rc, k) = semanage_user_key_create(self.sh, name)
                if rc < 0:
                       raise ValueError(_("Could not create a key for %s") % name)
 			
-               (rc,exists) = semanage_user_exists(self.sh, k)
+               (rc, exists) = semanage_user_exists(self.sh, k)
                if rc < 0:
                       raise ValueError(_("Could not check if SELinux user %s is defined") % name)		
                if not exists:
                       raise ValueError(_("SELinux user %s is not defined") % name)
 
-               (rc,exists) = semanage_user_exists_local(self.sh, k)
+               (rc, exists) = semanage_user_exists_local(self.sh, k)
                if rc < 0:
                       raise ValueError(_("Could not check if SELinux user %s is defined") % name)
                if not exists:
@@ -795,7 +810,7 @@
 			low = int(ports[0])
 			high = int(ports[1])
 
-		(rc,k) = semanage_port_key_create(self.sh, low, high, proto_d)
+		(rc, k) = semanage_port_key_create(self.sh, low, high, proto_d)
 		if rc < 0:
 			raise ValueError(_("Could not create a key for %s/%s") % (proto, port))
 		return ( k, proto_d, low, high )
@@ -812,13 +827,13 @@
 
 		( k, proto_d, low, high ) = self.__genkey(port, proto)			
 
-		(rc,exists) = semanage_port_exists(self.sh, k)
+		(rc, exists) = semanage_port_exists(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
 		if exists:
 			raise ValueError(_("Port %s/%s already defined") % (proto, port))
 
-		(rc,p) = semanage_port_create(self.sh)
+		(rc, p) = semanage_port_create(self.sh)
 		if rc < 0:
 			raise ValueError(_("Could not create port for %s/%s") % (proto, port))
 		
@@ -871,13 +886,13 @@
 
 		( k, proto_d, low, high ) = self.__genkey(port, proto)
 
-		(rc,exists) = semanage_port_exists(self.sh, k)
+		(rc, exists) = semanage_port_exists(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
 		if not exists:
 			raise ValueError(_("Port %s/%s is not defined") % (proto,port))
 	
-		(rc,p) = semanage_port_query(self.sh, k)
+		(rc, p) = semanage_port_query(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not query port %s/%s") % (proto, port))
 
@@ -926,13 +941,13 @@
 
 	def __delete(self, port, proto):
 		( k, proto_d, low, high ) = self.__genkey(port, proto)
-		(rc,exists) = semanage_port_exists(self.sh, k)
+		(rc, exists) = semanage_port_exists(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
 		if not exists:
 			raise ValueError(_("Port %s/%s is not defined") % (proto, port))
 		
-		(rc,exists) = semanage_port_exists_local(self.sh, k)
+		(rc, exists) = semanage_port_exists_local(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
 		if not exists:
@@ -1038,17 +1053,17 @@
                if ctype == "":
                        raise ValueError(_("SELinux Type is required"))
 
-               (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto)
+               (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
                if rc < 0:
                        raise ValueError(_("Could not create key for %s") % addr)
                if rc < 0:
                        raise ValueError(_("Could not check if addr %s is defined") % addr)
 
-               (rc,exists) = semanage_node_exists(self.sh, k)
+               (rc, exists) = semanage_node_exists(self.sh, k)
                if exists:
                        raise ValueError(_("Addr %s already defined") % addr)
 
-               (rc,node) = semanage_node_create(self.sh)
+               (rc, node) = semanage_node_create(self.sh)
                if rc < 0:
                        raise ValueError(_("Could not create addr for %s") % addr)
 
@@ -1113,17 +1128,17 @@
                if serange == "" and setype == "":
                        raise ValueError(_("Requires setype or serange"))
 
-               (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto)
+               (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
                if rc < 0:
                        raise ValueError(_("Could not create key for %s") % addr)
 
-               (rc,exists) = semanage_node_exists(self.sh, k)
+               (rc, exists) = semanage_node_exists(self.sh, k)
                if rc < 0:
                        raise ValueError(_("Could not check if addr %s is defined") % addr)
                if not exists:
                        raise ValueError(_("Addr %s is not defined") % addr)
 
-               (rc,node) = semanage_node_query(self.sh, k)
+               (rc, node) = semanage_node_query(self.sh, k)
                if rc < 0:
                        raise ValueError(_("Could not query addr %s") % addr)
 
@@ -1160,17 +1175,17 @@
                else:
                       raise ValueError(_("Unknown or missing protocol"))
 
-               (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto)
+               (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
                if rc < 0:
                        raise ValueError(_("Could not create key for %s") % addr)
 
-               (rc,exists) = semanage_node_exists(self.sh, k)
+               (rc, exists) = semanage_node_exists(self.sh, k)
                if rc < 0:
                        raise ValueError(_("Could not check if addr %s is defined") % addr)
                if not exists:
                        raise ValueError(_("Addr %s is not defined") % addr)
 
-               (rc,exists) = semanage_node_exists_local(self.sh, k)
+               (rc, exists) = semanage_node_exists_local(self.sh, k)
                if rc < 0:
                        raise ValueError(_("Could not check if addr %s is defined") % addr)
                if not exists:
@@ -1240,17 +1255,17 @@
 		if ctype == "":
 			raise ValueError(_("SELinux Type is required"))
 
-		(rc,k) = semanage_iface_key_create(self.sh, interface)
+		(rc, k) = semanage_iface_key_create(self.sh, interface)
 		if rc < 0:
 			raise ValueError(_("Could not create key for %s") % interface)
 
-		(rc,exists) = semanage_iface_exists(self.sh, k)
+		(rc, exists) = semanage_iface_exists(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not check if interface %s is defined") % interface)
 		if exists:
 			raise ValueError(_("Interface %s already defined") % interface)
 
-		(rc,iface) = semanage_iface_create(self.sh)
+		(rc, iface) = semanage_iface_create(self.sh)
 		if rc < 0:
 			raise ValueError(_("Could not create interface for %s") % interface)
 		
@@ -1301,17 +1316,17 @@
 		if serange == "" and setype == "":
 			raise ValueError(_("Requires setype or serange"))
 
-		(rc,k) = semanage_iface_key_create(self.sh, interface)
+		(rc, k) = semanage_iface_key_create(self.sh, interface)
 		if rc < 0:
 			raise ValueError(_("Could not create key for %s") % interface)
 
-		(rc,exists) = semanage_iface_exists(self.sh, k)
+		(rc, exists) = semanage_iface_exists(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not check if interface %s is defined") % interface)
 		if not exists:
 			raise ValueError(_("Interface %s is not defined") % interface)
 	
-		(rc,iface) = semanage_iface_query(self.sh, k)
+		(rc, iface) = semanage_iface_query(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not query interface %s") % interface)
 
@@ -1335,17 +1350,17 @@
                 self.commit()
 
 	def __delete(self, interface):
-		(rc,k) = semanage_iface_key_create(self.sh, interface)
+		(rc, k) = semanage_iface_key_create(self.sh, interface)
 		if rc < 0:
 			raise ValueError(_("Could not create key for %s") % interface)
 
-		(rc,exists) = semanage_iface_exists(self.sh, k)
+		(rc, exists) = semanage_iface_exists(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not check if interface %s is defined") % interface)
 		if not exists:
 			raise ValueError(_("Interface %s is not defined") % interface)
 
-		(rc,exists) = semanage_iface_exists_local(self.sh, k)
+		(rc, exists) = semanage_iface_exists_local(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not check if interface %s is defined") % interface)
 		if not exists:
@@ -1393,6 +1408,40 @@
 class fcontextRecords(semanageRecords):
 	def __init__(self, store = ""):
 		semanageRecords.__init__(self, store)
+                self.equiv = {}
+                fd = open(selinux.selinux_file_context_subs_path(), "r")
+                for i in fd.readlines():
+                       src, dst = i.split()
+                       self.equiv[src] = dst
+                fd.close()
+                self.equil_ind = False
+
+        def commit(self):
+                if self.equil_ind:
+                       tmpfile = "%s.tmp" % selinux.selinux_file_context_subs_path()
+                       fd = open(tmpfile, "w")
+                       for src in self.equiv.keys():
+                              fd.write("%s %s\n" % (src, self.equiv[src]))
+                       fd.close()
+                       os.rename(tmpfile,selinux.selinux_file_context_subs_path())
+                       self.equil_ind = False
+		semanageRecords.commit(self)
+
+        def add_equil(self, src, dst):
+                self.begin()
+                if src in self.equiv.keys():
+                       raise ValueError(_("Equivalence class for %s already exists") % src)
+                self.equiv[src] = dst
+                self.equil_ind = True
+                self.commit()
+
+        def modify_equil(self, src, dst):
+                self.begin()
+                if src not in self.equiv.keys():
+                       raise ValueError(_("Equivalence class for %s does not exists") % src)
+                self.equiv[src] = dst
+                self.equil_ind = True
+                self.commit()
 
         def createcon(self, target, seuser = "system_u"):
                 (rc, con) = semanage_context_create(self.sh)
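Review bot: The added `__init__` code opens `selinux.selinux_file_context_subs_path()` unconditionally and unpacks every line with `src, dst = i.split()`, so a missing file or a single blank or malformed line makes every `fcontextRecords` construction fail with an uncaught exception. Treat an absent file as an empty map, skip blank lines, and reject other malformed lines with a clear error rather than dropping them, because `commit()` rewrites the whole file from `self.equiv`. Separately, `commit()` renames the rewritten file into place before `semanageRecords.commit(self)` runs, so a failed policy commit would leave the equivalence file already changed. The replacement file is also created fresh rather than inheriting the old file's mode and label, which is worth confirming as intended. A possible shape for the loader is below.

```python
                self.equiv = {}
                subs_path = selinux.selinux_file_context_subs_path()
                # a missing subs file means "no equivalences", not an error
                if os.path.exists(subs_path):
                       fd = open(subs_path, "r")
                       try:
                              for i in fd.readlines():
                                     fields = i.split()
                                     if len(fields) == 0:
                                            continue
                                     if len(fields) != 2:
                                            raise ValueError(_("Malformed equivalence line: %s") % i.strip())
                                     self.equiv[fields[0]] = fields[1]
                       finally:
                              fd.close()
                self.equil_ind = False
                # ... unchanged: commit, add_equil, modify_equil ...
```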
@@ -1429,23 +1478,23 @@
 		if type == "":
 			raise ValueError(_("SELinux Type is required"))
 
-		(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
+		(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
 		if rc < 0:
 			raise ValueError(_("Could not create key for %s") % target)
 
-		(rc,exists) = semanage_fcontext_exists(self.sh, k)
+		(rc, exists) = semanage_fcontext_exists(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not check if file context for %s is defined") % target)
 
 		if not exists:
-                       (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
+                       (rc, exists) = semanage_fcontext_exists_local(self.sh, k)
                        if rc < 0:
                               raise ValueError(_("Could not check if file context for %s is defined") % target)
 
                 if exists:
                        raise ValueError(_("File context for %s already defined") % target)
 
-		(rc,fcontext) = semanage_fcontext_create(self.sh)
+		(rc, fcontext) = semanage_fcontext_create(self.sh)
 		if rc < 0:
 			raise ValueError(_("Could not create file context for %s") % target)
 		
@@ -1486,21 +1535,21 @@
 			raise ValueError(_("Requires setype, serange or seuser"))
                 self.validate(target)
 
-		(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
+		(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
 		if rc < 0:
 			raise ValueError(_("Could not create a key for %s") % target)
 
-		(rc,exists) = semanage_fcontext_exists(self.sh, k)
+		(rc, exists) = semanage_fcontext_exists(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not check if file context for %s is defined") % target)
 		if not exists:
-                       (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
+                       (rc, exists) = semanage_fcontext_exists_local(self.sh, k)
                        if not exists:
                               raise ValueError(_("File context for %s is not defined") % target)
 		
-		(rc,fcontext) = semanage_fcontext_query_local(self.sh, k)
+		(rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
 		if rc < 0:
-                       (rc,fcontext) = semanage_fcontext_query(self.sh, k)
+                       (rc, fcontext) = semanage_fcontext_query(self.sh, k)
                        if rc < 0:
                               raise ValueError(_("Could not query file context for %s") % target)
 
@@ -1550,7 +1599,7 @@
                        target = semanage_fcontext_get_expr(fcontext)
                        ftype = semanage_fcontext_get_type(fcontext)
                        ftype_str = semanage_fcontext_get_type_str(ftype)
-                       (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype_str])
+                       (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype_str])
                        if rc < 0:
                               raise ValueError(_("Could not create a key for %s") % target)
 
@@ -1558,19 +1607,26 @@
                        if rc < 0:
                               raise ValueError(_("Could not delete the file context %s") % target)
                        semanage_fcontext_key_free(k)
-	
+
+                self.equiv = {}
+                self.equil_ind = True
                 self.commit()
 
 	def __delete(self, target, ftype):
-		(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
+                if target in self.equiv.keys():
+                       self.equiv.pop(target)
+                       self.equil_ind = True
+                       return
+
+		(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
 		if rc < 0:
 			raise ValueError(_("Could not create a key for %s") % target)
 
-		(rc,exists) = semanage_fcontext_exists_local(self.sh, k)
+		(rc, exists) = semanage_fcontext_exists_local(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not check if file context for %s is defined") % target)
 		if not exists:
-			(rc,exists) = semanage_fcontext_exists(self.sh, k)
+			(rc, exists) = semanage_fcontext_exists(self.sh, k)
 			if rc < 0:
 				raise ValueError(_("Could not check if file context for %s is defined") % target)
 			if exists:
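Review bot: The new early return at the top of `__delete` fires whenever `target` is a key of `self.equiv`, ignores `ftype`, and skips the `semanage_fcontext_*` path entirely, so a target that is both an equivalence source and a file-context rule would only lose its equivalence. If that precedence is intended, say so with a comment such as `# equivalence entries take precedence over fcontext records with the same target; ftype is ignored`. The function ending just above `__delete` now resets `self.equiv = {}` and sets `equil_ind` unconditionally, which would empty the equivalence file on the next commit even if the caller only meant to remove file-context records. Whether that is wanted cannot be told from this hunk, since both functions extend beyond it.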
@@ -1617,11 +1673,11 @@
 		return ddict
 			
 	def list(self, heading = 1, locallist = 0 ):
-		if heading:
-			print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context"))
 		fcon_dict = self.get_all(locallist)
                 keys = fcon_dict.keys()
                 keys.sort()
+                if len(keys) > 0 and heading:
+			print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context"))
 		for k in keys:
 			if fcon_dict[k]:
 				if is_mls_enabled:
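Review bot: The added `if len(keys) > 0 and heading:` line is indented with spaces while the `print` line under it is indented with tabs, so the block only parses because Python 2 expands tabs to eight columns. Use one indentation style for both lines so that an editor with a different tab width, or `python -tt`, does not change or reject the nesting. The test itself reads more simply as `if keys and heading:`. list() continues outside this hunk.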
@@ -1630,11 +1686,17 @@
 					print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
 			else:
 				print "%-50s %-18s <<None>>" % (k[0], k[1])
+                if len(self.equiv.keys()) > 0:
+                       if heading:
+                              print _("\nSELinux fcontext Equivalence \n")
+                       
+                       for src in self.equiv.keys():
+                              print "%s == %s" % (src, self.equiv[src])
 				
 class booleanRecords(semanageRecords):
 	def __init__(self, store = ""):
 		semanageRecords.__init__(self, store)
-                self.dict={}
+                self.dict = {}
                 self.dict["TRUE"] = 1
                 self.dict["FALSE"] = 0
                 self.dict["ON"] = 1
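Review bot: The equivalence listing iterates `self.equiv.keys()` in arbitrary dict order, whereas the file-context entries are printed from a sorted key list, so this section of the output has no defined order. `for src in sorted(self.equiv.keys()):` would match the rest of the listing. The translatable string `_("\nSELinux fcontext Equivalence \n")` also carries its newlines and a trailing space into the message catalog, so keeping that layout outside `_()` would be easier on translators. list() starts outside this hunk.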
@@ -1643,16 +1705,16 @@
                 self.dict["0"] = 0
 
 	def __mod(self, name, value):
-                (rc,k) = semanage_bool_key_create(self.sh, name)
+                (rc, k) = semanage_bool_key_create(self.sh, name)
                 if rc < 0:
                        raise ValueError(_("Could not create a key for %s") % name)
-                (rc,exists) = semanage_bool_exists(self.sh, k)
+                (rc, exists) = semanage_bool_exists(self.sh, k)
                 if rc < 0:
                        raise ValueError(_("Could not check if boolean %s is defined") % name)
                 if not exists:
                        raise ValueError(_("Boolean %s is not defined") % name)	
                 
-                (rc,b) = semanage_bool_query(self.sh, k)
+                (rc, b) = semanage_bool_query(self.sh, k)
                 if rc < 0:
                        raise ValueError(_("Could not query file context %s") % name)
 
@@ -1670,7 +1732,7 @@
 		semanage_bool_key_free(k)
 		semanage_bool_free(b)
 
-	def modify(self, name, value=None, use_file=False):
+	def modify(self, name, value = None, use_file = False):
                 
                 self.begin()
 
@@ -1694,16 +1756,16 @@
 		
 	def __delete(self, name):
 
-                (rc,k) = semanage_bool_key_create(self.sh, name)
+                (rc, k) = semanage_bool_key_create(self.sh, name)
                 if rc < 0:
                       raise ValueError(_("Could not create a key for %s") % name)
-		(rc,exists) = semanage_bool_exists(self.sh, k)
+		(rc, exists) = semanage_bool_exists(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not check if boolean %s is defined") % name)
 		if not exists:
 			raise ValueError(_("Boolean %s is not defined") % name)
 	
-		(rc,exists) = semanage_bool_exists_local(self.sh, k)
+		(rc, exists) = semanage_bool_exists_local(self.sh, k)
 		if rc < 0:
 			raise ValueError(_("Could not check if boolean %s is defined") % name)
 		if not exists:
@@ -1762,7 +1824,7 @@
                       return _("unknown")
 
 	def list(self, heading = True, locallist = False, use_file = False):
-                on_off = (_("off"),_("on")) 
+                on_off = (_("off"), _("on")) 
 		if use_file:
                        ddict = self.get_all(locallist)
                        keys = ddict.keys()