diff --git a/policycoreutils/semanage/seobject/__init__.py b/policycoreutils/semanage/seobject/__init__.py index 33f5fa9..d489a90 100644 --- a/policycoreutils/semanage/seobject/__init__.py +++ b/policycoreutils/semanage/seobject/__init__.py @@ -520,7 +520,15 @@ class loginRecords(semanageRecords): else: serange = RANGE - (rc, k) = semanage_seuser_key_create(self.sh, name) + (rc, u) = semanage_seuser_create(self.sh) + if rc < 0: + raise ValueError(_("Could not create login mapping for %s") % name) + + rc = semanage_seuser_set_name(self.sh, u, name) + if rc < 0: + raise ValueError(_("Could not set name for %s") % name) + + (rc, k) = semanage_seuser_key_extract(self.sh, u) if rc < 0: raise ValueError(_("Could not create a key for %s") % name) @@ -529,6 +537,7 @@ class loginRecords(semanageRecords): raise ValueError(_("Could not check if login mapping for %s is defined") % name) if exists: semanage_seuser_key_free(k) + semanage_seuser_free(u) return self.__modify(name, sename, serange) if name[0] == '%': @@ -542,14 +551,6 @@ class loginRecords(semanageRecords): except: raise ValueError(_("Linux User %s does not exist") % name) - (rc, u) = semanage_seuser_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create login mapping for %s") % name) - - rc = semanage_seuser_set_name(self.sh, u, name) - if rc < 0: - raise ValueError(_("Could not set name for %s") % name) - if serange: rc = semanage_seuser_set_mlsrange(self.sh, u, serange) if rc < 0: @@ -594,7 +595,15 @@ class loginRecords(semanageRecords): else: self.serange = RANGE - (rc, k) = semanage_seuser_key_create(self.sh, name) + (rc, tmp_u) = semanage_seuser_create(self.sh) + if rc < 0: + raise ValueError(_("Could not create login mapping for %s") % name) + + rc = semanage_seuser_set_name(self.sh, tmp_u, name) + if rc < 0: + raise ValueError(_("Could not set name for %s") % name) + + (rc, k) = semanage_seuser_key_extract(self.sh, tmp_u) if rc < 0: raise ValueError(_("Could not create a key for %s") % name) 
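Review bot: The record `u` allocated by `semanage_seuser_create` at the top of the @@ -520 hunk is not released on any failure path that follows: the `raise` after `semanage_seuser_set_name`, the one after `semanage_seuser_key_extract`, and, now that the allocation sits above it, the `Linux User %s does not exist` raise visible in the @@ -542 hunk. The same shape recurs with `u`, `tmp_u` and `t_b` in the @@ -594, @@ -641, @@ -763, @@ -793, @@ -859, @@ -916, @@ -2119 and @@ -2170 hunks, where the matching free sits only on the success path. Because the same create/set_name/key_extract sequence is repeated for every record type, a private helper that frees the record when a later step fails would remove both the duplication and the leak. The sketch below shows the seuser variant; callers would still free `k` and then `u` when finished. The enclosing method starts and ends outside the hunk.

```python
    def __seuser_key(self, name):
        # Build a record for `name` and derive its lookup key.
        # On any failure the record is released before the error propagates.
        (rc, u) = semanage_seuser_create(self.sh)
        if rc < 0:
            raise ValueError(_("Could not create login mapping for %s") % name)
        try:
            rc = semanage_seuser_set_name(self.sh, u, name)
            if rc < 0:
                raise ValueError(_("Could not set name for %s") % name)
            (rc, k) = semanage_seuser_key_extract(self.sh, u)
            if rc < 0:
                raise ValueError(_("Could not create a key for %s") % name)
        except Exception:
            semanage_seuser_free(u)
            raise
        return u, k
```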
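Review bot: Nothing in the @@ -594 hunk says why the key is now extracted from a scratch record instead of being built with `semanage_seuser_key_create`, nor that `tmp_u` exists only to back `k`. If the extracted key borrows the name held by the record, a later reordering of the frees would leave `k` pointing at released memory. The free order in the @@ -624 hunk (key first, record second) is consistent with that, but it should be confirmed against libsemanage. A comment above the allocation would record the constraint, for example `# tmp_u only backs the key k; keep it alive until semanage_seuser_key_free(k)`. The enclosing method starts and ends outside the hunk.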
@@ -624,6 +633,7 @@ class loginRecords(semanageRecords): raise ValueError(_("Could not modify login mapping for %s") % name) semanage_seuser_key_free(k) + semanage_seuser_free(tmp_u) semanage_seuser_free(u) self.mylog.log("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange) @@ -641,7 +651,15 @@ class loginRecords(semanageRecords): userrec = seluserRecords() RANGE, (rc, oldserole) = userrec.get(self.oldsename) - (rc, k) = semanage_seuser_key_create(self.sh, name) + (rc, u) = semanage_seuser_create(self.sh) + if rc < 0: + raise ValueError(_("Could not create login mapping for %s") % name) + + rc = semanage_seuser_set_name(self.sh, u, name) + if rc < 0: + raise ValueError(_("Could not set name for %s") % name) + + (rc, k) = semanage_seuser_key_extract(self.sh, u) if rc < 0: raise ValueError(_("Could not create a key for %s") % name) @@ -662,6 +680,7 @@ class loginRecords(semanageRecords): raise ValueError(_("Could not delete login mapping for %s") % name) semanage_seuser_key_free(k) + semanage_seuser_free(u) rec, self.sename, self.serange = selinux.getseuserbyname("__default__") RANGE, (rc, serole) = userrec.get(self.sename) @@ -763,7 +782,15 @@ class seluserRecords(semanageRecords): semanageRecords.__init__(self, store) def get(self, name): - (rc, k) = semanage_user_key_create(self.sh, name) + (rc, tmp_u) = semanage_user_create(self.sh) + if rc < 0: + raise ValueError(_("Could not create login mapping for %s") % name) + + rc = semanage_user_set_name(self.sh, tmp_u, name) + if rc < 0: + raise ValueError(_("Could not set name for %s") % name) + + (rc, k) = semanage_user_key_extract(self.sh, tmp_u) if rc < 0: raise ValueError(_("Could not create a key for %s") % name) (rc, exists) = semanage_user_exists(self.sh, k) 
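Review bot: The failure message for `semanage_user_create` in `seluserRecords.get` (the @@ -763 hunk) reads "Could not create login mapping for %s", which is the login-record wording copied from `loginRecords` and names the wrong object type. The @@ -793 hunk replaces the earlier `Could not create SELinux user for %s` text with the same login wording, @@ -859 and @@ -916 repeat it, and the boolean hunks at @@ -2119 and @@ -2170 use it for `semanage_bool_create`. Someone tracing a failed policy change from the error text would be sent to the login mappings rather than to the SELinux user or boolean that actually failed. Restoring `raise ValueError(_("Could not create SELinux user for %s") % name)` for the user records reuses an existing msgid; the boolean paths need their own string, for example `_("Could not create boolean %s")`. The body of `get` continues outside this hunk.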
@@ -775,6 +802,7 @@ class seluserRecords(semanageRecords): serange = semanage_user_get_mlsrange(u) serole = semanage_user_get_roles(self.sh, u) semanage_user_key_free(k) + semanage_user_free(tmp_u) semanage_user_free(u) return serange, serole @@ -793,7 +821,15 @@ class seluserRecords(semanageRecords): if len(roles) < 1: raise ValueError(_("You must add at least one role for %s") % name) - (rc, k) = semanage_user_key_create(self.sh, name) + (rc, u) = semanage_user_create(self.sh) + if rc < 0: + raise ValueError(_("Could not create login mapping for %s") % name) + + rc = semanage_user_set_name(self.sh, u, name) + if rc < 0: + raise ValueError(_("Could not set name for %s") % name) + + (rc, k) = semanage_user_key_extract(self.sh, u) if rc < 0: raise ValueError(_("Could not create a key for %s") % name) @@ -802,16 +838,9 @@ class seluserRecords(semanageRecords): raise ValueError(_("Could not check if SELinux user %s is defined") % name) if exists: semanage_user_key_free(k) + semanage_user_free(u) return self.__modify(name, roles, selevel, serange, prefix) - (rc, u) = semanage_user_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create SELinux user for %s") % name) - - rc = semanage_user_set_name(self.sh, u, name) - if rc < 0: - raise ValueError(_("Could not set name for %s") % name) - for r in roles: rc = semanage_user_add_role(self.sh, u, r) if rc < 0: @@ -859,7 +888,15 @@ class seluserRecords(semanageRecords): else: raise ValueError(_("Requires prefix or roles")) - (rc, k) = semanage_user_key_create(self.sh, name) + (rc, tmp_u) = semanage_user_create(self.sh) + if rc < 0: + raise ValueError(_("Could not create login mapping for %s") % name) + + rc = semanage_user_set_name(self.sh, tmp_u, name) + if rc < 0: + raise ValueError(_("Could not set name for %s") % name) + + (rc, k) = semanage_user_key_extract(self.sh, tmp_u) if rc < 0: raise ValueError(_("Could not create a key for %s") % name) 
@@ -899,6 +936,7 @@ class seluserRecords(semanageRecords): raise ValueError(_("Could not modify SELinux user %s") % name) semanage_user_key_free(k) + semanage_user_free(tmp_u) semanage_user_free(u) role = ",".join(newroles.split()) @@ -916,7 +954,15 @@ class seluserRecords(semanageRecords): raise error def __delete(self, name): - (rc, k) = semanage_user_key_create(self.sh, name) + (rc, tmp_u) = semanage_user_create(self.sh) + if rc < 0: + raise ValueError(_("Could not create login mapping for %s") % name) + + rc = semanage_user_set_name(self.sh, tmp_u, name) + if rc < 0: + raise ValueError(_("Could not set name for %s") % name) + + (rc, k) = semanage_user_key_extract(self.sh, tmp_u) if rc < 0: raise ValueError(_("Could not create a key for %s") % name) @@ -944,6 +990,7 @@ class seluserRecords(semanageRecords): raise ValueError(_("Could not delete SELinux user %s") % name) semanage_user_key_free(k) + semanage_user_free(tmp_u) semanage_user_free(u) self.mylog.log_remove("seuser", oldsename=name, oldserange=oldserange, oldserole=oldserole) @@ -2119,7 +2166,14 @@ class booleanRecords(semanageRecords): def __mod(self, name, value): name = selinux.selinux_boolean_sub(name) - (rc, k) = semanage_bool_key_create(self.sh, name) + (rc, t_b) = semanage_bool_create(self.sh) + if rc < 0: + raise ValueError(_("Could not create login mapping for %s") % name) + rc = semanage_bool_set_name(self.sh, t_b, name) + if rc < 0: + raise ValueError(_("Could not set name for %s") % name) + + (rc, k) = semanage_bool_key_extract(self.sh, t_b) if rc < 0: raise ValueError(_("Could not create a key for %s") % name) (rc, exists) = semanage_bool_exists(self.sh, k) 
@@ -2137,7 +2191,7 @@ class booleanRecords(semanageRecords): else: raise ValueError(_("You must specify one of the following values: %s") % ", ".join(list(self.dict.keys()))) - if self.modify_local and name in self.current_booleans: + if self.modify_local and name.encode() in self.current_booleans: rc = semanage_bool_set_active(self.sh, k, b) if rc < 0: raise ValueError(_("Could not set active value of boolean %s") % name) @@ -2145,6 +2199,7 @@ class booleanRecords(semanageRecords): if rc < 0: raise ValueError(_("Could not modify boolean %s") % name) semanage_bool_key_free(k) + semanage_bool_free(t_b) semanage_bool_free(b) def modify(self, name, value=None, use_file=False): @@ -2170,7 +2225,14 @@ class booleanRecords(semanageRecords): def __delete(self, name): name = selinux.selinux_boolean_sub(name) - (rc, k) = semanage_bool_key_create(self.sh, name) + (rc, t_b) = semanage_bool_create(self.sh) + if rc < 0: + raise ValueError(_("Could not create login mapping for %s") % name) + rc = semanage_bool_set_name(self.sh, t_b, name) + if rc < 0: + raise ValueError(_("Could not set name for %s") % name) + + (rc, k) = semanage_bool_key_extract(self.sh, t_b) if rc < 0: raise ValueError(_("Could not create a key for %s") % name) (rc, exists) = semanage_bool_exists(self.sh, k) @@ -2190,6 +2252,7 @@ class booleanRecords(semanageRecords): raise ValueError(_("Could not delete boolean %s") % name) semanage_bool_key_free(k) + semanage_bool_free(t_b) def delete(self, name): self.begin()
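Review bot: The membership test `name.encode() in self.current_booleans` in the @@ -2137 hunk is only correct if `current_booleans` holds byte strings, and the place where that collection is filled is outside this hunk. If it holds text strings, on Python 3 the test is always false and `semanage_bool_set_active` is skipped, apparently without any error. A boolean the administrator meant to change would then keep its old running value. Normalising the entries to text once where the collection is built, and keeping `name in self.current_booleans` here, would be less fragile. Failing that, once the element type is confirmed, a comment such as `# current_booleans holds bytes, hence the encode()` would record the assumption. The enclosing method starts and ends outside the hunk.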