diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index a2510d7..10c9884 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch 
@@ -1,201 +1,381 @@ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.4/semanage/semanage +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.5/scripts/genhomedircon +--- nsapolicycoreutils/scripts/genhomedircon 2006-01-05 10:35:49.000000000 -0500 ++++ policycoreutils-1.29.5/scripts/genhomedircon 2006-01-10 12:11:48.000000000 -0500 +@@ -144,7 +144,7 @@ + for i in fd.read().split('\n'): + if i.find("HOME_ROOT") == 0: + i=i.replace("HOME_ROOT", homedir) +- ret = i+"\n" ++ ret += i+"\n" + fd.close() + if ret=="": + errorExit("No Home Root Context Found") +@@ -240,7 +240,7 @@ + i=i.replace("HOME_DIR", home) + i=i.replace("ROLE", role) + i=i.replace("system_u", user) +- ret = ret+i+"\n" ++ ret += i+"\n" + fd.close() + return ret + +@@ -252,7 +252,7 @@ + i=i.replace("USER", user) + i=i.replace("ROLE", role) + i=i.replace("system_u", sel_user) +- ret=ret+i+"\n" ++ ret = i+"\n" + fd.close() + return ret + +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/Makefile policycoreutils-1.29.5/semanage/Makefile +--- nsapolicycoreutils/semanage/Makefile 2005-11-29 10:55:01.000000000 -0500 ++++ policycoreutils-1.29.5/semanage/Makefile 2006-01-06 14:34:47.000000000 -0500 +@@ -2,6 +2,8 @@ + PREFIX ?= ${DESTDIR}/usr + SBINDIR ?= $(PREFIX)/sbin + MANDIR = $(PREFIX)/share/man ++PYLIBVER ?= python2.4 ++PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER) + + TARGETS=semanage + +@@ -12,6 +14,8 @@ + -mkdir -p $(SBINDIR) + install -m 755 semanage $(SBINDIR) + install -m 644 semanage.8 $(MANDIR)/man8 ++ test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages ++ install -m 755 seobject.py $(PYTHONLIBDIR)/site-packages + + clean: + +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-1.29.5/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2006-01-05 10:35:49.000000000 -0500 -+++ policycoreutils-1.29.4/semanage/semanage 
2006-01-05 16:27:42.000000000 -0500 -@@ -20,15 +20,20 @@ ++++ policycoreutils-1.29.5/semanage/semanage 2006-01-06 14:41:04.000000000 -0500 +@@ -20,345 +20,9 @@ # 02111-1307 USA # # -+ - import commands, sys, os, pwd, string, getopt, pwd - from semanage import *; +-import commands, sys, os, pwd, string, getopt, pwd +-from semanage import *; -class loginRecords: -+class semanageRecords: - def __init__(self): - self.sh = semanage_handle_create() - self.semanaged = semanage_is_managed(self.sh) - if self.semanaged: - semanage_connect(self.sh) - -+class loginRecords(semanageRecords): -+ def __init__(self): -+ semanageRecords.__init__(self) -+ - def add(self, name, sename, serange): - if serange == "": - serange = "s0" -@@ -80,7 +85,7 @@ - if sename != "": - semanage_seuser_set_sename(self.sh, u, sename) - semanage_begin_transaction(self.sh) +- def __init__(self): +- self.sh = semanage_handle_create() +- self.semanaged = semanage_is_managed(self.sh) +- if self.semanaged: +- semanage_connect(self.sh) +- +- def add(self, name, sename, serange): +- if serange == "": +- serange = "s0" +- if sename == "": +- sename = "user_u" +- +- (rc,k) = semanage_seuser_key_create(self.sh, name) +- if rc < 0: +- raise ValueError("Could not create a key for %s" % name) +- +- (rc,exists) = semanage_seuser_exists(self.sh, k) +- if exists: +- raise ValueError("SELinux User %s mapping already defined" % name) +- try: +- pwd.getpwnam(name) +- except: +- raise ValueError("Linux User %s does not exist" % name) +- +- (rc,u) = semanage_seuser_create(self.sh) +- if rc < 0: +- raise ValueError("Could not create seuser for %s" % name) +- +- semanage_seuser_set_name(self.sh, u, name) +- semanage_seuser_set_mlsrange(self.sh, u, serange) +- semanage_seuser_set_sename(self.sh, u, sename) +- semanage_begin_transaction(self.sh) +- semanage_seuser_add(self.sh, k, u) +- if semanage_commit(self.sh) < 0: +- raise ValueError("Failed to add SELinux user mapping") +- +- def modify(self, name, sename = "", serange = 
""): +- (rc,k) = semanage_seuser_key_create(self.sh, name) +- if rc < 0: +- raise ValueError("Could not create a key for %s" % name) +- +- if sename == "" and serange == "": +- raise ValueError("Requires, seuser or serange") +- +- (rc,exists) = semanage_seuser_exists(self.sh, k) +- if exists: +- (rc,u) = semanage_seuser_query(self.sh, k) +- if rc < 0: +- raise ValueError("Could not query seuser for %s" % name) +- else: +- raise ValueError("SELinux user %s mapping is not defined." % name) +- +- if serange != "": +- semanage_seuser_set_mlsrange(self.sh, u, serange) +- if sename != "": +- semanage_seuser_set_sename(self.sh, u, sename) +- semanage_begin_transaction(self.sh) - semanage_seuser_modify(self.sh, k, u) -+ semanage_seuser_modify_local(self.sh, k, u) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to modify SELinux user mapping") - -@@ -107,13 +112,9 @@ - name = semanage_seuser_get_name(u) - print "%-25s %-25s %-25s" % (name, semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u)) - +- if semanage_commit(self.sh) < 0: +- raise ValueError("Failed to modify SELinux user mapping") +- +- +- def delete(self, name): +- (rc,k) = semanage_seuser_key_create(self.sh, name) +- if rc < 0: +- raise ValueError("Could not create a key for %s" % name) +- +- (rc,exists) = semanage_seuser_exists(self.sh, k) +- if not exists: +- raise ValueError("SELinux user %s mapping is not defined." 
% name) +- semanage_begin_transaction(self.sh) +- semanage_seuser_del(self.sh, k) +- if semanage_commit(self.sh) < 0: +- raise ValueError("SELinux User %s mapping not defined" % name) +- +- def list(self,heading=1): +- if heading: +- print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range") +- (status, self.ulist, self.usize) = semanage_seuser_list(self.sh) +- for idx in range(self.usize): +- u = semanage_seuser_by_idx(self.ulist, idx) +- name = semanage_seuser_get_name(u) +- print "%-25s %-25s %-25s" % (name, semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u)) +- -class seluserRecords: -+class seluserRecords(semanageRecords): - def __init__(self): +- def __init__(self): - roles = [] - self.sh = semanage_handle_create() - self.semanaged = semanage_is_managed(self.sh) - if self.semanaged: - semanage_connect(self.sh) -+ semanageRecords.__init__(self) - - def add(self, name, roles, selevel, serange): - if serange == "": -@@ -125,11 +126,9 @@ - if rc < 0: - raise ValueError("Could not create a key for %s" % name) - +- +- def add(self, name, roles, selevel, serange): +- if serange == "": +- serange = "s0" +- if selevel == "": +- selevel = "s0" +- +- (rc,k) = semanage_user_key_create(self.sh, name) +- if rc < 0: +- raise ValueError("Could not create a key for %s" % name) +- - (rc,exists) = semanage_user_exists_local(self.sh, k) -+ (rc,exists) = semanage_user_exists(self.sh, k) - if not exists: +- if not exists: - (rc,exists) = semanage_user_exists(self.sh, k) - if not exists: - raise ValueError("SELinux user %s is already defined." % name) -+ raise ValueError("SELinux user %s is already defined." 
% name) - - (rc,u) = semanage_user_create(self.sh) - if rc < 0: -@@ -157,15 +156,11 @@ - if rc < 0: - raise ValueError("Could not create a key for %s" % name) - +- +- (rc,u) = semanage_user_create(self.sh) +- if rc < 0: +- raise ValueError("Could not create login mapping for %s" % name) +- +- semanage_user_set_name(self.sh, u, name) +- for r in roles: +- semanage_user_add_role(self.sh, u, r) +- semanage_user_set_mlsrange(self.sh, u, serange) +- semanage_user_set_mlslevel(self.sh, u, selevel) +- (rc,key) = semanage_user_key_extract(self.sh,u) +- if rc < 0: +- raise ValueError("Could not extract key for %s" % name) +- +- semanage_begin_transaction(self.sh) +- semanage_user_add_local(self.sh, k, u) +- if semanage_commit(self.sh) < 0: +- raise ValueError("Failed to add SELinux user") +- +- def modify(self, name, roles = [], selevel = "", serange = ""): +- if len(roles) == 0 and serange == "" and selevel == "": +- raise ValueError("Requires, roles, level or range") +- +- (rc,k) = semanage_user_key_create(self.sh, name) +- if rc < 0: +- raise ValueError("Could not create a key for %s" % name) +- - (rc,exists) = semanage_user_exists_local(self.sh, k) -+ (rc,exists) = semanage_user_exists(self.sh, k) - if exists: +- if exists: - (rc,u) = semanage_user_query_local(self.sh, k) -+ (rc,u) = semanage_user_query(self.sh, k) - else: +- else: - (rc,exists) = semanage_user_exists(self.sh, k) - if exists: - (rc,u) = semanage_user_query(self.sh, k) - else: - raise ValueError("SELinux user %s mapping is not defined." % name) -+ raise ValueError("SELinux user %s mapping is not defined locally." 
% name) - if rc < 0: - raise ValueError("Could not query user for %s" % name) - -@@ -185,10 +180,14 @@ - (rc,k) = semanage_user_key_create(self.sh, name) - if rc < 0: - raise ValueError("Could not crpppeate a key for %s" % name) +- if rc < 0: +- raise ValueError("Could not query user for %s" % name) +- +- if serange != "": +- semanage_user_set_mlsrange(self.sh, u, serange) +- if selevel != "": +- semanage_user_set_mlslevel(self.sh, u, selevel) +- if len(roles) < 0: +- for r in roles: +- semanage_user_add_role(self.sh, u, r) +- semanage_begin_transaction(self.sh) +- semanage_user_modify_local(self.sh, k, u) +- if semanage_commit(self.sh) < 0: +- raise ValueError("Failed to modify SELinux user") +- +- def delete(self, name): +- (rc,k) = semanage_user_key_create(self.sh, name) +- if rc < 0: +- raise ValueError("Could not crpppeate a key for %s" % name) - - (rc,exists) = semanage_user_exists_local(self.sh, k) -+ (rc,exists) = semanage_user_exists(self.sh, k) - if not exists: - raise ValueError("user %s is not defined" % name) -+ else: -+ (rc,exists) = semanage_user_exists_local(self.sh, k) -+ if not exists: -+ raise ValueError("user %s is not defined locally, can not delete " % name) -+ - semanage_begin_transaction(self.sh) - semanage_user_del_local(self.sh, k) - if semanage_commit(self.sh) < 0: -@@ -211,12 +210,9 @@ - roles += " " + char_by_idx(rlist, ridx) - print "%-15s %-10s %-15s %s" % (semanage_user_get_name(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles) - +- if not exists: +- raise ValueError("user %s is not defined" % name) +- semanage_begin_transaction(self.sh) +- semanage_user_del_local(self.sh, k) +- if semanage_commit(self.sh) < 0: +- raise ValueError("Login User %s not defined" % name) +- +- def list(self, heading=1): +- if heading: +- print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/") +- print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles") +- (status, self.ulist, self.usize) = 
semanage_user_list(self.sh) +- for idx in range(self.usize): +- u = semanage_user_by_idx(self.ulist, idx) +- name = semanage_user_get_name(u) +- (status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u) +- roles = "" +- +- if rlist_size: +- roles += char_by_idx(rlist, 0) +- for ridx in range (1,rlist_size): +- roles += " " + char_by_idx(rlist, ridx) +- print "%-15s %-10s %-15s %s" % (semanage_user_get_name(u), semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles) +- -class portRecords: -+class portRecords(semanageRecords): - def __init__(self): +- def __init__(self): - self.sh = semanage_handle_create() - self.semanaged = semanage_is_managed(self.sh) - if self.semanaged: - semanage_connect(self.sh) -+ semanageRecords.__init__(self) - - def __genkey(self, port, proto): - if proto == "tcp": -@@ -236,7 +232,7 @@ - else: - low=string.atoi(ports[0]) - high=string.atoi(ports[1]) +- +- def __genkey(self, port, proto): +- if proto == "tcp": +- proto_d=SEMANAGE_PROTO_TCP +- else: +- if proto == "udp": +- proto_d=SEMANAGE_PROTO_UDP +- else: +- raise ValueError("Protocol udp or tcp is required") +- if port == "": +- raise ValueError("Port is required") - -+ - (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d) - if rc < 0: - raise ValueError("Could not create a key for %s/%s" % (proto, port)) -@@ -255,10 +251,6 @@ - if exists: - raise ValueError("Port %s/%s already defined" % (proto, port)) - +- ports=port.split("-") +- if len(ports) == 1: +- low=string.atoi(ports[0]) +- high=string.atoi(ports[0]) +- else: +- low=string.atoi(ports[0]) +- high=string.atoi(ports[1]) +- +- (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d) +- if rc < 0: +- raise ValueError("Could not create a key for %s/%s" % (proto, port)) +- return ( k, proto_d, low, high ) +- +- def add(self, port, proto, serange, type): +- if serange == "": +- serange="s0" +- +- if type == "": +- raise ValueError("Type is required") +- +- ( k, proto_d, low, high ) = 
self.__genkey(port, proto) +- +- (rc,exists) = semanage_port_exists(self.sh, k) +- if exists: +- raise ValueError("Port %s/%s already defined" % (proto, port)) +- - (rc,exists) = semanage_port_exists_local(self.sh, k) - if exists: - raise ValueError("Port %s/%s already defined locally" % (proto, port)) - - (rc,p) = semanage_port_create(self.sh) - if rc < 0: - raise ValueError("Could not create port for %s/%s" % (proto, port)) -@@ -273,8 +265,8 @@ - semanage_context_set_role(self.sh, con, "object_r") - semanage_context_set_type(self.sh, con, type) - semanage_context_set_mls(self.sh, con, serange) +- (rc,p) = semanage_port_create(self.sh) +- if rc < 0: +- raise ValueError("Could not create port for %s/%s" % (proto, port)) +- +- semanage_port_set_proto(p, proto_d) +- semanage_port_set_range(p, low, high) +- (rc, con) = semanage_context_create(self.sh) +- if rc < 0: +- raise ValueError("Could not create context for %s/%s" % (proto, port)) +- +- semanage_context_set_user(self.sh, con, "system_u") +- semanage_context_set_role(self.sh, con, "object_r") +- semanage_context_set_type(self.sh, con, type) +- semanage_context_set_mls(self.sh, con, serange) - semanage_port_set_con(p, con) - semanage_begin_transaction(self.sh) -+ semanage_port_set_con(p, con) - semanage_port_add_local(self.sh, k, p) - if semanage_commit(self.sh) < 0: - raise ValueError("Failed to add port") -@@ -285,25 +277,23 @@ - - ( k, proto_d, low, high ) = self.__genkey(port, proto) - +- semanage_begin_transaction(self.sh) +- semanage_port_add_local(self.sh, k, p) +- if semanage_commit(self.sh) < 0: +- raise ValueError("Failed to add port") +- +- def modify(self, port, proto, serange, setype): +- if serange == "" and setype == "": +- raise ValueError("Requires, setype or serange") +- +- ( k, proto_d, low, high ) = self.__genkey(port, proto) +- - (rc,exists) = semanage_port_exists_local(self.sh, k) -+ (rc,exists) = semanage_port_exists(self.sh, k) - if exists: +- if exists: - (rc,p) = 
semanage_port_query_local(self.sh, k) - (rc,exists) = semanage_port_exists(self.sh, k) - if exists: - (rc,p) = semanage_port_query(self.sh, k) - else: - raise ValueError("port %s/%s is not defined." % (proto,port)) -+ (rc,p) = semanage_port_query(self.sh, k) -+ else: -+ raise ValueError("port %s/%s is not defined." % (proto,port)) ++import sys, getopt ++import seobject - if rc < 0: - raise ValueError("Could not query port for %s/%s" % (proto, port)) - - con = semanage_port_get_con(p) +- if rc < 0: +- raise ValueError("Could not query port for %s/%s" % (proto, port)) +- +- con = semanage_port_get_con(p) - semanage_context_set_mls(self.sh, con, serange) -+ if rc < 0: -+ raise ValueError("Could not get port context for %s/%s" % (proto, port)) -+ - if serange != "": - semanage_context_set_mls(self.sh, con, serange) - if setype != "": - semanage_context_set_type(self.sh, con, setype) +- if serange != "": +- semanage_context_set_mls(self.sh, con, serange) +- if setype != "": +- semanage_context_set_type(self.sh, con, setype) - semanage_port_set_con(p, con) - semanage_begin_transaction(self.sh) - semanage_port_modify_local(self.sh, k, p) - if semanage_commit(self.sh) < 0: -@@ -311,9 +301,13 @@ - - def delete(self, port, proto): - ( k, proto_d, low, high ) = self.__genkey(port, proto) +- semanage_begin_transaction(self.sh) +- semanage_port_modify_local(self.sh, k, p) +- if semanage_commit(self.sh) < 0: +- raise ValueError("Failed to add port") +- +- def delete(self, port, proto): +- ( k, proto_d, low, high ) = self.__genkey(port, proto) - (rc,exists) = semanage_port_exists_local(self.sh, k) -+ (rc,exists) = semanage_port_exists(self.sh, k) - if not exists: +- if not exists: - raise ValueError("port %s/%s is not defined localy." % (proto,port)) -+ raise ValueError("port %s/%s is not defined." % (proto,port)) -+ else: -+ (rc,exists) = semanage_port_exists_local(self.sh, k) -+ if not exists: -+ raise ValueError("port %s/%s is not defined localy, can not be deleted." 
% (proto,port)) - - semanage_begin_transaction(self.sh) - semanage_port_del_local(self.sh, k) -@@ -338,27 +332,116 @@ - dict[(name,proto)].append("%d" % low) - else: - dict[(name,proto)].append("%d-%d" % (low, high)) +- +- semanage_begin_transaction(self.sh) +- semanage_port_del_local(self.sh, k) +- if semanage_commit(self.sh) < 0: +- raise ValueError("Port %s/%s not defined" % (proto,port)) +- +- def list(self, heading=1): +- (status, self.plist, self.psize) = semanage_port_list(self.sh) +- if heading: +- print "%-30s %-8s %s\n" % ("SELinux Port Name", "Proto", "Port Number") +- dict={} +- for idx in range(self.psize): +- u = semanage_port_by_idx(self.plist, idx) +- con = semanage_port_get_con(u) +- name = semanage_context_get_type(con) +- proto=semanage_port_get_proto_str(u) +- low=semanage_port_get_low(u) +- high = semanage_port_get_high(u) +- if (name, proto) not in dict.keys(): +- dict[(name,proto)]=[] +- if low == high: +- dict[(name,proto)].append("%d" % low) +- else: +- dict[(name,proto)].append("%d-%d" % (low, high)) - (status, self.plist, self.psize) = semanage_port_list_local(self.sh) - for idx in range(self.psize): - u = semanage_port_by_idx(self.plist, idx) 
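Review bot: In the new semanage/Makefile lines of this hunk, `PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)` depends on `LIBDIR`, which is not defined anywhere in the visible part of that Makefile (only PREFIX, SBINDIR and MANDIR are), so unless the caller or an unseen earlier line sets it, the added `test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d ...` step creates and populates `/python2.4/site-packages` at the filesystem root instead of under the prefix. Define it beside the others, e.g. `LIBDIR ?= $(PREFIX)/lib`, and install the pure-Python module with `install -m 644 seobject.py $(PYTHONLIBDIR)/site-packages`, since a library module has no need for the execute bit. Separately, the third genhomedircon hunk (`@@ -252,7 +252,7 @@`) turns `ret=ret+i+"\n"` into `ret = i+"\n"` while the two sibling hunks go the opposite way to `ret += i+"\n"`; this looks like an accidental inversion that would keep only the last substituted template line, and if accumulation is intended it should be `ret += i+"\n"` as well. The genhomedircon functions touched by those three inner hunks start and end outside the shown lines.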
@@ -211,15 +391,483 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy - else: - dict[(name,proto)].append("%d-%d" % (low, high)) - for i in dict.keys(): +- rec = "%-30s %-8s " % i +- rec += "%s" % dict[i][0] +- for p in dict[i][1:]: +- rec += ", %s" % p +- print rec +- + if __name__ == '__main__': + + def usage(message = ""): +@@ -366,8 +30,11 @@ + semanage user [-admsRrh] SELINUX_USER\n\ + semanage login [-admsrh] LOGIN_NAME\n\ + semanage port [-admth] PORT | PORTRANGE\n\ ++semanage interface [-admth] INTERFACE\n\ ++semanage fcontext [-admhfst] INTERFACE\n\ + -a, --add Add a OBJECT record NAME\n\ + -d, --delete Delete a OBJECT record NAME\n\ ++ -f, --ftype File Type of OBJECT \n\ + -h, --help display this message\n\ + -l, --list List the OBJECTS\n\ + -n, --noheading Do not print heading when listing OBJECTS\n\ +@@ -391,7 +58,7 @@ + # + # + try: +- objectlist = ("login", "user", "port") ++ objectlist = ("login", "user", "port", "interface", "fcontext") + input = sys.stdin + output = sys.stdout + serange = "" +@@ -399,6 +66,7 @@ + proto = "" + selevel = "" + setype = "" ++ ftype = "" + roles = "" + seuser = "" + heading=1 +@@ -416,9 +84,10 @@ + + args = sys.argv[2:] + gopts, cmds = getopt.getopt(args, +- 'adlhmnp:P:s:R:r:t:v', ++ 'adf:lhmnp:P:s:R:r:t:v', + ['add', + 'delete', ++ 'ftype=', + 'help', + 'list', + 'modify', +@@ -441,6 +110,8 @@ + if modify or add: + usage() + delete = 1 ++ if o == "-f" or o == "--ftype": ++ ftype=a + if o == "-h" or o == "--help": + usage() + +@@ -474,13 +145,19 @@ + verbose = 1 + + if object == "login": +- OBJECT = loginRecords() ++ OBJECT = seobject.loginRecords() + + if object == "user": +- OBJECT = seluserRecords() ++ OBJECT = seobject.seluserRecords() + + if object == "port": +- OBJECT = portRecords() ++ OBJECT = seobject.portRecords() ++ ++ if object == "interface": ++ OBJECT = seobject.interfaceRecords() ++ ++ if object == "fcontext": ++ OBJECT = seobject.fcontextRecords() + + if list: + 
OBJECT.list(heading) +@@ -504,6 +181,11 @@ + if object == "port": + OBJECT.add(target, proto, serange, setype) + ++ if object == "interface": ++ OBJECT.add(target, serange, setype) ++ ++ if object == "fcontext": ++ OBJECT.add(target, setype, ftype, serange, seuser) + sys.exit(0); + + if modify: +@@ -516,7 +198,13 @@ + + if object == "port": + OBJECT.modify(target, proto, serange, setype) +- sys.exit(0); ++ ++ if object == "interface": ++ OBJECT.modify(target, serange, setype) ++ ++ if object == "fcontext": ++ OBJECT.modify(target, setype, ftype, serange, seuser) ++ + sys.exit(0); + + if delete: +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.29.5/semanage/seobject.py +--- nsapolicycoreutils/semanage/seobject.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-1.29.5/semanage/seobject.py 2006-01-06 14:30:39.000000000 -0500 +@@ -0,0 +1,722 @@ ++#! /usr/bin/env python ++# Copyright (C) 2005 Red Hat ++# see file 'COPYING' for use and warranty information ++# ++# semanage is a tool for managing SELinux configuration files ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of ++# the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. 
++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# 02111-1307 USA ++# ++# ++ ++import pwd, string ++from semanage import *; ++class semanageRecords: ++ def __init__(self): ++ self.sh = semanage_handle_create() ++ self.semanaged = semanage_is_managed(self.sh) ++ if self.semanaged: ++ semanage_connect(self.sh) ++ ++class loginRecords(semanageRecords): ++ def __init__(self): ++ semanageRecords.__init__(self) ++ ++ def add(self, name, sename, serange): ++ if serange == "": ++ serange = "s0" ++ if sename == "": ++ sename = "user_u" ++ ++ (rc,k) = semanage_seuser_key_create(self.sh, name) ++ if rc < 0: ++ raise ValueError("Could not create a key for %s" % name) ++ ++ (rc,exists) = semanage_seuser_exists(self.sh, k) ++ if exists: ++ raise ValueError("SELinux User %s mapping already defined" % name) ++ try: ++ pwd.getpwnam(name) ++ except: ++ raise ValueError("Linux User %s does not exist" % name) ++ ++ (rc,u) = semanage_seuser_create(self.sh) ++ if rc < 0: ++ raise ValueError("Could not create seuser for %s" % name) ++ ++ semanage_seuser_set_name(self.sh, u, name) ++ semanage_seuser_set_mlsrange(self.sh, u, serange) ++ semanage_seuser_set_sename(self.sh, u, sename) ++ semanage_begin_transaction(self.sh) ++ semanage_seuser_add(self.sh, k, u) ++ if semanage_commit(self.sh) < 0: ++ raise ValueError("Failed to add SELinux user mapping") ++ ++ def modify(self, name, sename = "", serange = ""): ++ (rc,k) = semanage_seuser_key_create(self.sh, name) ++ if rc < 0: ++ raise ValueError("Could not create a key for %s" % name) ++ ++ if sename == "" and serange == "": ++ raise ValueError("Requires, seuser or serange") ++ ++ (rc,exists) = semanage_seuser_exists(self.sh, k) ++ if exists: ++ (rc,u) = semanage_seuser_query(self.sh, k) ++ if rc < 0: ++ raise ValueError("Could not query seuser for %s" % name) ++ else: ++ raise 
ValueError("SELinux user %s mapping is not defined." % name) ++ ++ if serange != "": ++ semanage_seuser_set_mlsrange(self.sh, u, serange) ++ if sename != "": ++ semanage_seuser_set_sename(self.sh, u, sename) ++ semanage_begin_transaction(self.sh) ++ semanage_seuser_modify_local(self.sh, k, u) ++ if semanage_commit(self.sh) < 0: ++ raise ValueError("Failed to modify SELinux user mapping") ++ def delete(self, name): ++ (rc,k) = semanage_seuser_key_create(self.sh, name) ++ if rc < 0: ++ raise ValueError("Could not create a key for %s" % name) ++ ++ (rc,exists) = semanage_seuser_exists(self.sh, k) ++ if not exists: ++ raise ValueError("SELinux user %s mapping is not defined." % name) ++ semanage_begin_transaction(self.sh) ++ semanage_seuser_del(self.sh, k) ++ if semanage_commit(self.sh) < 0: ++ raise ValueError("SELinux User %s mapping not defined" % name) ++ ++ def get_all(self): ++ dict={} ++ (status, self.ulist, self.usize) = semanage_seuser_list(self.sh) ++ for idx in range(self.usize): ++ u = semanage_seuser_by_idx(self.ulist, idx) ++ name = semanage_seuser_get_name(u) ++ dict[name]=(semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u)) ++ return dict ++ ++ def list(self,heading=1): ++ if heading: ++ print "\n%-25s %-25s %-25s\n" % ("Login Name", "SELinux User", "MLS/MCS Range") ++ dict=self.get_all() ++ keys=dict.keys() ++ keys.sort() ++ for k in keys: ++ print "%-25s %-25s %-25s" % (k, dict[k][0], dict[k][1]) ++ ++class seluserRecords(semanageRecords): ++ def __init__(self): ++ semanageRecords.__init__(self) ++ ++ def add(self, name, roles, selevel, serange): ++ if serange == "": ++ serange = "s0" ++ if selevel == "": ++ selevel = "s0" ++ ++ (rc,k) = semanage_user_key_create(self.sh, name) ++ if rc < 0: ++ raise ValueError("Could not create a key for %s" % name) ++ ++ (rc,exists) = semanage_user_exists(self.sh, k) ++ if not exists: ++ raise ValueError("SELinux user %s is already defined." 
% name) ++ ++ (rc,u) = semanage_user_create(self.sh) ++ if rc < 0: ++ raise ValueError("Could not create login mapping for %s" % name) ++ ++ semanage_user_set_name(self.sh, u, name) ++ for r in roles: ++ semanage_user_add_role(self.sh, u, r) ++ semanage_user_set_mlsrange(self.sh, u, serange) ++ semanage_user_set_mlslevel(self.sh, u, selevel) ++ (rc,key) = semanage_user_key_extract(self.sh,u) ++ if rc < 0: ++ raise ValueError("Could not extract key for %s" % name) ++ ++ semanage_begin_transaction(self.sh) ++ semanage_user_add_local(self.sh, k, u) ++ if semanage_commit(self.sh) < 0: ++ raise ValueError("Failed to add SELinux user") ++ ++ def modify(self, name, roles = [], selevel = "", serange = ""): ++ if len(roles) == 0 and serange == "" and selevel == "": ++ raise ValueError("Requires, roles, level or range") ++ ++ (rc,k) = semanage_user_key_create(self.sh, name) ++ if rc < 0: ++ raise ValueError("Could not create a key for %s" % name) ++ ++ (rc,exists) = semanage_user_exists(self.sh, k) ++ if exists: ++ (rc,u) = semanage_user_query(self.sh, k) ++ else: ++ raise ValueError("SELinux user %s mapping is not defined locally." 
% name) ++ if rc < 0: ++ raise ValueError("Could not query user for %s" % name) ++ ++ if serange != "": ++ semanage_user_set_mlsrange(self.sh, u, serange) ++ if selevel != "": ++ semanage_user_set_mlslevel(self.sh, u, selevel) ++ if len(roles) != 0: ++ for r in roles: ++ semanage_user_add_role(self.sh, u, r) ++ semanage_begin_transaction(self.sh) ++ semanage_user_modify_local(self.sh, k, u) ++ if semanage_commit(self.sh) < 0: ++ raise ValueError("Failed to modify SELinux user") ++ ++ def delete(self, name): ++ (rc,k) = semanage_user_key_create(self.sh, name) ++ if rc < 0: ++ raise ValueError("Could not crpppeate a key for %s" % name) ++ (rc,exists) = semanage_user_exists(self.sh, k) ++ if not exists: ++ raise ValueError("user %s is not defined" % name) ++ else: ++ (rc,exists) = semanage_user_exists_local(self.sh, k) ++ if not exists: ++ raise ValueError("user %s is not defined locally, can not delete " % name) ++ ++ semanage_begin_transaction(self.sh) ++ semanage_user_del_local(self.sh, k) ++ if semanage_commit(self.sh) < 0: ++ raise ValueError("Login User %s not defined" % name) ++ ++ def get_all(self): ++ dict={} ++ (status, self.ulist, self.usize) = semanage_user_list(self.sh) ++ for idx in range(self.usize): ++ u = semanage_user_by_idx(self.ulist, idx) ++ name = semanage_user_get_name(u) ++ (status, rlist, rlist_size) = semanage_user_get_roles(self.sh, u) ++ roles = "" ++ ++ if rlist_size: ++ roles += char_by_idx(rlist, 0) ++ for ridx in range (1,rlist_size): ++ roles += " " + char_by_idx(rlist, ridx) ++ dict[semanage_user_get_name(u)] = (semanage_user_get_mlslevel(u), semanage_user_get_mlsrange(u), roles) ++ ++ return dict ++ ++ def list(self, heading=1): ++ if heading: ++ print "\n%-15s %-10s %-20s" % ("", "MLS/", "MLS/") ++ print "%-15s %-10s %-15s %-20s\n" % ("SELinux User", "MCS Level", "MCS Range", "SELinux Roles") ++ dict=self.get_all() ++ keys=dict.keys() ++ keys.sort() ++ for k in keys: ++ print "%-15s %-10s %-15s %s" % (k, dict[k][0], dict[k][1], 
dict[k][2]) ++ ++class portRecords(semanageRecords): ++ def __init__(self): ++ semanageRecords.__init__(self) ++ ++ def __genkey(self, port, proto): ++ if proto == "tcp": ++ proto_d=SEMANAGE_PROTO_TCP ++ else: ++ if proto == "udp": ++ proto_d=SEMANAGE_PROTO_UDP ++ else: ++ raise ValueError("Protocol udp or tcp is required") ++ if port == "": ++ raise ValueError("Port is required") ++ ++ ports=port.split("-") ++ if len(ports) == 1: ++ low=string.atoi(ports[0]) ++ high=string.atoi(ports[0]) ++ else: ++ low=string.atoi(ports[0]) ++ high=string.atoi(ports[1]) ++ ++ (rc,k) = semanage_port_key_create(self.sh, low, high, proto_d) ++ if rc < 0: ++ raise ValueError("Could not create a key for %s/%s" % (proto, port)) ++ return ( k, proto_d, low, high ) ++ ++ def add(self, port, proto, serange, type): ++ if serange == "": ++ serange="s0" ++ ++ if type == "": ++ raise ValueError("Type is required") ++ ++ ( k, proto_d, low, high ) = self.__genkey(port, proto) ++ ++ (rc,exists) = semanage_port_exists(self.sh, k) ++ if exists: ++ raise ValueError("Port %s/%s already defined" % (proto, port)) ++ ++ (rc,p) = semanage_port_create(self.sh) ++ if rc < 0: ++ raise ValueError("Could not create port for %s/%s" % (proto, port)) ++ ++ semanage_port_set_proto(p, proto_d) ++ semanage_port_set_range(p, low, high) ++ (rc, con) = semanage_context_create(self.sh) ++ if rc < 0: ++ raise ValueError("Could not create context for %s/%s" % (proto, port)) ++ ++ semanage_context_set_user(self.sh, con, "system_u") ++ semanage_context_set_role(self.sh, con, "object_r") ++ semanage_context_set_type(self.sh, con, type) ++ semanage_context_set_mls(self.sh, con, serange) ++ semanage_begin_transaction(self.sh) ++ semanage_port_set_con(p, con) ++ semanage_port_add_local(self.sh, k, p) ++ if semanage_commit(self.sh) < 0: ++ raise ValueError("Failed to add port") ++ ++ def modify(self, port, proto, serange, setype): ++ if serange == "" and setype == "": ++ raise ValueError("Requires, setype or serange") ++ ++ ( 
k, proto_d, low, high ) = self.__genkey(port, proto) ++ ++ (rc,exists) = semanage_port_exists(self.sh, k) ++ if exists: ++ (rc,p) = semanage_port_query(self.sh, k) ++ else: ++ raise ValueError("port %s/%s is not defined." % (proto,port)) ++ ++ if rc < 0: ++ raise ValueError("Could not query port for %s/%s" % (proto, port)) ++ ++ con = semanage_port_get_con(p) ++ if rc < 0: ++ raise ValueError("Could not get port context for %s/%s" % (proto, port)) ++ ++ if serange != "": ++ semanage_context_set_mls(self.sh, con, serange) ++ if setype != "": ++ semanage_context_set_type(self.sh, con, setype) ++ semanage_begin_transaction(self.sh) ++ semanage_port_modify_local(self.sh, k, p) ++ if semanage_commit(self.sh) < 0: ++ raise ValueError("Failed to add port") ++ ++ def delete(self, port, proto): ++ ( k, proto_d, low, high ) = self.__genkey(port, proto) ++ (rc,exists) = semanage_port_exists(self.sh, k) ++ if not exists: ++ raise ValueError("port %s/%s is not defined." % (proto,port)) ++ else: ++ (rc,exists) = semanage_port_exists_local(self.sh, k) ++ if not exists: ++ raise ValueError("port %s/%s is not defined localy, can not be deleted." 
% (proto,port)) ++ ++ semanage_begin_transaction(self.sh) ++ semanage_port_del_local(self.sh, k) ++ if semanage_commit(self.sh) < 0: ++ raise ValueError("Port %s/%s not defined" % (proto,port)) ++ ++ def get_all(self): ++ dict={} ++ (status, self.plist, self.psize) = semanage_port_list(self.sh) ++ for idx in range(self.psize): ++ u = semanage_port_by_idx(self.plist, idx) ++ con = semanage_port_get_con(u) ++ name = semanage_context_get_type(con) ++ proto=semanage_port_get_proto_str(u) ++ low=semanage_port_get_low(u) ++ high = semanage_port_get_high(u) ++ if (name, proto) not in dict.keys(): ++ dict[(name,proto)]=[] ++ if low == high: ++ dict[(name,proto)].append("%d" % low) ++ else: ++ dict[(name,proto)].append("%d-%d" % (low, high)) ++ return dict ++ ++ def list(self, heading=1): ++ if heading: ++ print "%-30s %-8s %s\n" % ("SELinux Port Name", "Proto", "Port Number") ++ dict=self.get_all() + keys=dict.keys() + keys.sort() + for i in keys: - rec = "%-30s %-8s " % i - rec += "%s" % dict[i][0] - for p in dict[i][1:]: - rec += ", %s" % p - print rec - ++ rec = "%-30s %-8s " % i ++ rec += "%s" % dict[i][0] ++ for p in dict[i][1:]: ++ rec += ", %s" % p ++ print rec ++ +class interfaceRecords(semanageRecords): + def __init__(self): + semanageRecords.__init__(self) @@ -229,7 +877,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy + serange="s0" + + if type == "": -+ raise ValueError("Type is required") ++ raise ValueError("SELinux Type is required") + + (rc,k) = semanage_iface_key_create(self.sh, interface) + if rc < 0: 
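Review bot: In the new seobject.py, `seluserRecords.add` raises `ValueError("SELinux user %s is already defined." % name)` under `if not exists:` directly after `(rc,exists) = semanage_user_exists(self.sh, k)`, so the condition and the message disagree: a genuinely new SELinux user is rejected as "already defined", while an existing one falls through to `semanage_user_add_local`. The guard should read `if exists:`. Two smaller points in the same file: `portRecords.modify` checks `if rc < 0:` after `con = semanage_port_get_con(p)`, but `rc` still holds the result of the earlier `semanage_port_query`, so the "Could not get port context" branch can never react to the get_con call and the stale check should be dropped or replaced by a test on `con`; and `loginRecords.add` wraps `pwd.getpwnam(name)` in a bare `except:`, which also swallows KeyboardInterrupt and SystemExit — `except KeyError:` is the exception getpwnam raises for an unknown account.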
@@ -305,71 +953,276 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/semanage/semanage policy + if semanage_commit(self.sh) < 0: + raise ValueError("Interface %s not defined" % interface) + -+ def list(self, heading=1): ++ def get_all(self): ++ dict={} + (status, self.plist, self.psize) = semanage_iface_list(self.sh) + if status < 0: + raise ValueError("Unable to list interfaces") ++ for idx in range(self.psize): ++ interface = semanage_iface_by_idx(self.plist, idx) ++ con = semanage_iface_get_ifcon(interface) ++ dict[semanage_iface_get_name(interface)]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con)) ++ ++ return dict + ++ def list(self, heading=1): + if heading: + print "%-30s %s\n" % ("SELinux Interface", "Context") -+ dict={} -+ for idx in range(self.psize): -+ iface = semanage_iface_by_idx(self.plist, idx) -+ name = semanage_iface_get_name(iface) -+ con = semanage_iface_get_ifcon(iface) -+ -+ -+ print "%-30s %s:%s:%s:%s " % (name,semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con)) ++ dict=self.get_all() ++ keys=dict.keys() ++ keys.sort() ++ for k in keys: ++ print "%-30s %s:%s:%s:%s " % (k,dict[k][0], dict[k][1],dict[k][2], dict[k][3]) + - if __name__ == '__main__': - - def usage(message = ""): -@@ -366,6 +449,7 @@ - semanage user [-admsRrh] SELINUX_USER\n\ - semanage login [-admsrh] LOGIN_NAME\n\ - semanage port [-admth] PORT | PORTRANGE\n\ -+semanage interface [-admth] INTERFACE\n\ - -a, --add Add a OBJECT record NAME\n\ - -d, --delete Delete a OBJECT record NAME\n\ - -h, --help display this message\n\ -@@ -391,7 +475,7 @@ - # - # - try: -- objectlist = ("login", "user", "port") -+ objectlist = ("login", "user", "port", "interface") - input = sys.stdin - output = sys.stdout - serange = "" -@@ -482,6 +566,9 @@ - if object == "port": - OBJECT = portRecords() - -+ if object == "interface": -+ OBJECT 
= interfaceRecords() ++class fcontextRecords(semanageRecords): ++ def __init__(self): ++ semanageRecords.__init__(self) ++ self.file_types={} ++ self.file_types[""] = SEMANAGE_FCONTEXT_ALL; ++ self.file_types["all files"] = SEMANAGE_FCONTEXT_ALL; ++ self.file_types["--"] = SEMANAGE_FCONTEXT_REG; ++ self.file_types["regular file"] = SEMANAGE_FCONTEXT_REG; ++ self.file_types["-d"] = SEMANAGE_FCONTEXT_DIR; ++ self.file_types["directory"] = SEMANAGE_FCONTEXT_DIR; ++ self.file_types["-c"] = SEMANAGE_FCONTEXT_CHAR; ++ self.file_types["character device"] = SEMANAGE_FCONTEXT_CHAR; ++ self.file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK; ++ self.file_types["block device"] = SEMANAGE_FCONTEXT_BLOCK; ++ self.file_types["-s"] = SEMANAGE_FCONTEXT_SOCK; ++ self.file_types["socket"] = SEMANAGE_FCONTEXT_SOCK; ++ self.file_types["symbolic link"] = SEMANAGE_FCONTEXT_LINK; ++ self.file_types["-p"] = SEMANAGE_FCONTEXT_PIPE; ++ self.file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE; + - if list: - OBJECT.list(heading) - sys.exit(0); -@@ -504,6 +591,9 @@ - if object == "port": - OBJECT.add(target, proto, serange, setype) - -+ if object == "interface": -+ OBJECT.add(target, serange, setype) ++ ++ def add(self, target, type, ftype="", serange="s0", seuser="system_u"): ++ if seuser == "": ++ seuser="system_u" ++ ++ if serange == "": ++ serange="s0" ++ ++ if type == "": ++ raise ValueError("SELinux Type is required") + - sys.exit(0); - - if modify: -@@ -516,7 +606,10 @@ - - if object == "port": - OBJECT.modify(target, proto, serange, setype) -- sys.exit(0); ++ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype]) ++ if rc < 0: ++ raise ValueError("Can't create key for %s" % target) ++ (rc,exists) = semanage_fcontext_exists(self.sh, k) ++ print (rc, exists, target) ++ if exists: ++ raise ValueError("fcontext %s already defined" % target) ++ (rc,fcontext) = semanage_fcontext_create(self.sh) ++ if rc < 0: ++ raise ValueError("Could not create fcontext for %s" % target) ++ 
++ rc = semanage_fcontext_set_expr(self.sh, fcontext, target) ++ (rc, con) = semanage_context_create(self.sh) ++ if rc < 0: ++ raise ValueError("Could not create context for %s" % target) + -+ if object == "interface": -+ OBJECT.modify(target, serange, setype) ++ semanage_context_set_user(self.sh, con, seuser) ++ semanage_context_set_role(self.sh, con, "object_r") ++ semanage_context_set_type(self.sh, con, type) ++ semanage_context_set_mls(self.sh, con, serange) ++ semanage_fcontext_set_type(fcontext, self.file_types[ftype]) ++ semanage_begin_transaction(self.sh) ++ semanage_fcontext_set_con(fcontext, con) ++ semanage_fcontext_add_local(self.sh, k, fcontext) ++ if semanage_commit(self.sh) < 0: ++ raise ValueError("Failed to add fcontext") + - sys.exit(0); - - if delete: ++ def modify(self, target, setype, ftype, serange, seuser): ++ if serange == "" and setype == "" and seuser == "": ++ raise ValueError("Requires, setype, serange or seuser") ++ ++ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype]) ++ if rc < 0: ++ raise ValueError("Can't creater key for %s" % target) ++ (rc,exists) = semanage_fcontext_exists(self.sh, k) ++ if exists: ++ (rc,p) = semanage_fcontext_query(self.sh, k) ++ else: ++ raise ValueError("fcontext %s is not defined." 
% target) ++ if rc < 0: ++ raise ValueError("Could not query fcontext for %s" % target) ++ con = semanage_fcontext_get_con(p) ++ if rc < 0: ++ raise ValueError("Could not get fcontext context for %s" % target) ++ ++ if serange != "": ++ semanage_context_set_mls(self.sh, con, serange) ++ if seuser != "": ++ semanage_context_set_user(self.sh, con, seuser) ++ if setype != "": ++ semanage_context_set_type(self.sh, con, setype) ++ ++ semanage_begin_transaction(self.sh) ++ semanage_fcontext_modify_local(self.sh, k, p) ++ if semanage_commit(self.sh) < 0: ++ raise ValueError("Failed to add fcontext") ++ ++ def delete(self, target): ++ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype]) ++ if rc < 0: ++ raise ValueError("Can't create key for %s" % target) ++ (rc,exists) = semanage_fcontext_exists(self.sh, k) ++ if not exists: ++ raise ValueError("fcontext %s is not defined." % target) ++ else: ++ (rc,exists) = semanage_fcontext_exists_local(self.sh, k) ++ if not exists: ++ raise ValueError("fcontext %s is not defined localy, can not be deleted." 
% target) ++ ++ semanage_begin_transaction(self.sh) ++ semanage_fcontext_del_local(self.sh, k) ++ if semanage_commit(self.sh) < 0: ++ raise ValueError("fcontext %s not defined" % target) ++ ++ def get_all(self): ++ dict={} ++ (status, self.plist, self.psize) = semanage_fcontext_list(self.sh) ++ if status < 0: ++ raise ValueError("Unable to list fcontexts") ++ ++ for idx in range(self.psize): ++ fcontext = semanage_fcontext_by_idx(self.plist, idx) ++ expr=semanage_fcontext_get_expr(fcontext) ++ ftype=semanage_fcontext_get_type_str(fcontext) ++ con = semanage_fcontext_get_con(fcontext) ++ if con: ++ dict[expr, ftype]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con)) ++ else: ++ dict[expr, ftype]=con ++ ++ return dict ++ ++ def list(self, heading=1): ++ if heading: ++ print "%-50s %-18s %s\n" % ("SELinux fcontext", "type", "Context") ++ dict=self.get_all() ++ keys=dict.keys() ++ for k in keys: ++ if dict[k]: ++ print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3]) ++ else: ++ print "%-50s %-18s <>" % (k[0], k[1]) ++ ++class booleanRecords(semanageRecords): ++ def __init__(self): ++ semanageRecords.__init__(self) ++ ++ def add(self, target, type, ftype="", serange="s0", seuser="system_u"): ++ if seuser == "": ++ seuser="system_u" ++ ++ if serange == "": ++ serange="s0" ++ ++ if type == "": ++ raise ValueError("SELinux Type is required") ++ ++ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype]) ++ if rc < 0: ++ raise ValueError("Can't create key for %s" % target) ++ (rc,exists) = semanage_fcontext_exists(self.sh, k) ++ print (rc, exists, target) ++ if exists: ++ raise ValueError("fcontext %s already defined" % target) ++ (rc,fcontext) = semanage_fcontext_create(self.sh) ++ if rc < 0: ++ raise ValueError("Could not create fcontext for %s" % target) ++ ++ rc = semanage_fcontext_set_expr(self.sh, fcontext, target) ++ (rc, con) = 
semanage_context_create(self.sh) ++ if rc < 0: ++ raise ValueError("Could not create context for %s" % target) ++ ++ semanage_context_set_user(self.sh, con, seuser) ++ semanage_context_set_role(self.sh, con, "object_r") ++ semanage_context_set_type(self.sh, con, type) ++ semanage_context_set_mls(self.sh, con, serange) ++ semanage_fcontext_set_type(fcontext, self.file_types[ftype]) ++ semanage_begin_transaction(self.sh) ++ semanage_fcontext_set_con(fcontext, con) ++ semanage_fcontext_add_local(self.sh, k, fcontext) ++ if semanage_commit(self.sh) < 0: ++ raise ValueError("Failed to add fcontext") ++ ++ def modify(self, target, setype, ftype, serange, seuser): ++ if serange == "" and setype == "" and seuser == "": ++ raise ValueError("Requires, setype, serange or seuser") ++ ++ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype]) ++ if rc < 0: ++ raise ValueError("Can't creater key for %s" % target) ++ (rc,exists) = semanage_fcontext_exists(self.sh, k) ++ if exists: ++ (rc,p) = semanage_fcontext_query(self.sh, k) ++ else: ++ raise ValueError("fcontext %s is not defined." 
% target) ++ if rc < 0: ++ raise ValueError("Could not query fcontext for %s" % target) ++ con = semanage_fcontext_get_con(p) ++ if rc < 0: ++ raise ValueError("Could not get fcontext context for %s" % target) ++ ++ if serange != "": ++ semanage_context_set_mls(self.sh, con, serange) ++ if seuser != "": ++ semanage_context_set_user(self.sh, con, seuser) ++ if setype != "": ++ semanage_context_set_type(self.sh, con, setype) ++ ++ semanage_begin_transaction(self.sh) ++ semanage_fcontext_modify_local(self.sh, k, p) ++ if semanage_commit(self.sh) < 0: ++ raise ValueError("Failed to add fcontext") ++ ++ def delete(self, target): ++ (rc,k) = semanage_fcontext_key_create(self.sh, target, self.file_types[ftype]) ++ if rc < 0: ++ raise ValueError("Can't create key for %s" % target) ++ (rc,exists) = semanage_fcontext_exists(self.sh, k) ++ if not exists: ++ raise ValueError("fcontext %s is not defined." % target) ++ else: ++ (rc,exists) = semanage_fcontext_exists_local(self.sh, k) ++ if not exists: ++ raise ValueError("fcontext %s is not defined localy, can not be deleted." 
% target) ++ ++ semanage_begin_transaction(self.sh) ++ semanage_fcontext_del_local(self.sh, k) ++ if semanage_commit(self.sh) < 0: ++ raise ValueError("fcontext %s not defined" % target) ++ ++ def get_all(self): ++ dict={} ++ (status, self.plist, self.psize) = semanage_fcontext_list(self.sh) ++ if status < 0: ++ raise ValueError("Unable to list fcontexts") ++ ++ for idx in range(self.psize): ++ fcontext = semanage_fcontext_by_idx(self.plist, idx) ++ expr=semanage_fcontext_get_expr(fcontext) ++ ftype=semanage_fcontext_get_type_str(fcontext) ++ con = semanage_fcontext_get_con(fcontext) ++ if con: ++ dict[expr, ftype]=(semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con)) ++ else: ++ dict[expr, ftype]=con ++ ++ return dict ++ ++ def list(self, heading=1): ++ if heading: ++ print "%-50s %-18s %s\n" % ("SELinux fcontext", "type", "Context") ++ dict=self.get_all() ++ keys=dict.keys() ++ for k in keys: ++ if dict[k]: ++ print "%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], dict[k][0], dict[k][1],dict[k][2], dict[k][3]) ++ else: ++ print "%-50s %-18s <>" % (k[0], k[1]) ++ ++ diff --git a/policycoreutils.spec b/policycoreutils.spec index b0a5869..53fa658 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -4,7 +4,7 @@ Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.29.5 -Release: 1 +Release: 2 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -47,7 +47,7 @@ mkdir -p ${RPM_BUILD_ROOT}/sbin mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man1 mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8 mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/pam.d -make DESTDIR="${RPM_BUILD_ROOT}" install +make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" install %find_lang %{name} 
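Review bot: `fcontextRecords.delete(self, target)` passes `self.file_types[ftype]` to `semanage_fcontext_key_create` but `ftype` is never bound in that method, so every fcontext delete raises NameError before any libsemanage call; the signature should carry the file type the way `add`/`modify` do, e.g. `def delete(self, target, ftype=""):`, and the same fix applies to `booleanRecords.delete` further down in this hunk. `booleanRecords` is otherwise a verbatim copy of `fcontextRecords` whose `__init__` never builds `self.file_types`, so its `add`/`modify` fail with AttributeError on the first lookup and it manipulates fcontexts rather than booleans — it reads as a placeholder that should not ship in this state. In `fcontextRecords.add` the leftover debug `print (rc, exists, target)` writes to stdout on every add, and in `modify` the `if rc < 0` after `con = semanage_fcontext_get_con(p)` re-tests the stale query status rather than the fetched context; since `get_all` already treats `con` as possibly falsy, `if not con: raise ValueError("Could not get fcontext context for %s" % target)` is the check that belongs there. The return values of `semanage_begin_transaction` and `semanage_fcontext_add_local`/`semanage_fcontext_modify_local` are also unchecked before `semanage_commit`, so a failed local add or modify is only reported if the commit itself fails, and `modify`'s commit failure message still says "Failed to add fcontext".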
@@ -94,8 +94,13 @@ rm -rf ${RPM_BUILD_ROOT} %config %{_sysconfdir}/pam.d/newrole %config %{_sysconfdir}/pam.d/run_init %config(noreplace) %{_sysconfdir}/sestatus.conf +%{_libdir}/python2.4/site-packages/seobject.py* %changelog +* Tue Jan 10 2006 Dan Walsh 1.29.5-2 +- Update semanage and split out seobject +- Fix labeleing of home_root + * Thu Jan 5 2006 Dan Walsh 1.29.5-1 - Update to match NSA * Added filename to semodule error reporting.