*** empty log message ***
This commit is contained in:
Daniel J Walsh
parent
6b6d439e72
commit
a770942374
|
|
@ -1,6 +1,6 @@
|
|||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-1.27.28/audit2allow/audit2allow
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow 2005-09-12 16:33:30.000000000 -0400
|
||||
+++ policycoreutils-1.27.28/audit2allow/audit2allow 2005-11-16 23:07:04.000000000 -0500
|
||||
+++ policycoreutils-1.27.28/audit2allow/audit2allow 2005-11-17 10:26:24.000000000 -0500
|
||||
@@ -1,7 +1,12 @@
|
||||
-#!/usr/bin/perl
|
||||
-
|
||||
|
|
@ -17,7 +17,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
|
|||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License as
|
||||
@@ -17,148 +22,255 @@
|
||||
@@ -17,148 +22,316 @@
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
||||
# 02111-1307 USA
|
||||
|
|
@ -268,23 +268,25 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
|
|||
+ if type not in self.types:
|
||||
+ self.types.append(type)
|
||||
+
|
||||
+ def module_out(self, module):
|
||||
+ def gen_module(self, module):
|
||||
+ return "module %s 1.0;" % module
|
||||
+
|
||||
+ def gen_requires(self):
|
||||
+ self.roles.sort()
|
||||
+ self.types.sort()
|
||||
+ keys=self.seclasses.keys()
|
||||
+ keys.sort()
|
||||
+ rec="module %s 1.0;" % module
|
||||
+ rec+="\n\nrequire {\n"
|
||||
+ rec="\n\nrequire {\n"
|
||||
+ for i in self.roles:
|
||||
+ rec += "\trole %s; \n" % i
|
||||
+ rec += "\n\n"
|
||||
+ for i in keys:
|
||||
+ access=self.seclasses[i]
|
||||
+ access.sort()
|
||||
+ rec+="\tclass %s { " % i
|
||||
+ rec += "\tclass %s { " % i
|
||||
+ for a in access:
|
||||
+ rec+=" %s" % a
|
||||
+ rec+=" }; \n"
|
||||
+ rec += " %s" % a
|
||||
+ rec += " }; \n"
|
||||
+ rec += "\n\n"
|
||||
+
|
||||
+ for i in self.types:
|
||||
|
|
@ -342,79 +344,139 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow
|
|||
- -o append output to <outputfile>\n";
|
||||
- exit;
|
||||
-}
|
||||
+ def out(self, module):
|
||||
-
|
||||
+ def out(self, require=0, module=""):
|
||||
+ rec=""
|
||||
+ if len(self.allowRules.keys())==0:
|
||||
+ raise(ValueError("No AVC messages found."))
|
||||
+ if module!="":
|
||||
+ rec+=self.module_out(module)
|
||||
+ rec += self.gen_module(module)
|
||||
+ rec += self.gen_requires()
|
||||
+ else:
|
||||
+ if requires:
|
||||
+ rec+=self.gen_requires()
|
||||
+
|
||||
+ for i in self.allowRules.keys():
|
||||
+ rec += self.allowRules[i].out(verbose)+"\n"
|
||||
+ return rec
|
||||
+
|
||||
+def usage():
|
||||
+ print 'audit2allow [-a] [-d] [-l] [-v] [-i <inputfile> ] [-m <modulename> ] [-o <outputfile>]\n\
|
||||
+ -a read input from audit and message log\n\
|
||||
+ -d read input from output of /bin/dmesg\n\
|
||||
+ -i read input from <inputfile> conflicts with -a\n\
|
||||
+ -l read input only after last \"load_policy\"\n\
|
||||
+ -m module output <modulename> \n\
|
||||
+ -o append output to <outputfile>\n\
|
||||
+ -v verbose output\n\
|
||||
+ '
|
||||
+ sys.exit(1)
|
||||
+if __name__ == '__main__':
|
||||
+
|
||||
+def errorExit(error):
|
||||
+ sys.stderr.write("%s exiting for: " % sys.argv[0])
|
||||
+ sys.stderr.write("%s\n" % error)
|
||||
+ sys.stderr.flush()
|
||||
+ sys.exit(1)
|
||||
|
||||
+#
|
||||
+# This script will generate home dir file context
|
||||
+# based off the homedir_template file, entries in the password file, and
|
||||
+#
|
||||
+try:
|
||||
+ last_reload=0
|
||||
+ input=sys.stdin
|
||||
+ output=sys.stdout
|
||||
+ module=""
|
||||
+ verbose=0
|
||||
+ auditlogs=0
|
||||
+ gopts, cmds = getopt.getopt(sys.argv[1:], 'avdo:hli:m:', ['help',
|
||||
+ 'last_reload='])
|
||||
+ for o,a in gopts:
|
||||
+ if o == '--last_reload' or o == "-l":
|
||||
+ last_reload=1
|
||||
+ if o == "-v":
|
||||
+ verbose=1
|
||||
+ if o == "-a":
|
||||
+ input=open("/var/log/messages", "r")
|
||||
+ auditlogs=1
|
||||
+ if o == "-i":
|
||||
+ if auditlogs:
|
||||
+ def usage():
|
||||
+ print 'audit2allow [-adhilrv] [-i <inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
|
||||
+ -a, --all read input from audit and message log, conflicts with -i\n\
|
||||
+ -d, --dmesg read input from output of /bin/dmesg\n\
|
||||
+ -h, --help display this message\n\
|
||||
+ -i, --input read input from <inputfile> conflicts with -a\n\
|
||||
+ -l, --lastreload read input only after last \"load_policy\"\n\
|
||||
+ -m, --module generate module/require output <modulename> \n\
|
||||
+ -M generate loadable module package, conflicts with -o\n\
|
||||
+ -o, --output append output to <outputfile>, conflicts with -M\n\
|
||||
+ -r, --requires generate require output \n\
|
||||
+ -v, --verbose verbose output\n\
|
||||
+ '
|
||||
+ sys.exit(1)
|
||||
+
|
||||
+ def errorExit(error):
|
||||
+ sys.stderr.write("%s: " % sys.argv[0])
|
||||
+ sys.stderr.write("%s\n" % error)
|
||||
+ sys.stderr.flush()
|
||||
+ sys.exit(1)
|
||||
+
|
||||
+ #
|
||||
+ #
|
||||
+ #
|
||||
+ try:
|
||||
+ last_reload=0
|
||||
+ input=sys.stdin
|
||||
+ output=sys.stdout
|
||||
+ module=""
|
||||
+ requires=0
|
||||
+ verbose=0
|
||||
+ auditlogs=0
|
||||
+ buildPP=0
|
||||
+ input_ind=0
|
||||
+ output_ind=0
|
||||
+ gopts, cmds = getopt.getopt(sys.argv[1:],
|
||||
+ 'adhi:lm:M:o:rv',
|
||||
+ ['all',
|
||||
+ 'dmesg',
|
||||
+ 'help',
|
||||
+ 'input=',
|
||||
+ 'lastreload',
|
||||
+ 'module=',
|
||||
+ 'output=',
|
||||
+ 'requires'
|
||||
+ 'verbose'
|
||||
+ ])
|
||||
+ for o,a in gopts:
|
||||
+ if o == "-a" or o == "--all":
|
||||
+ if input_ind:
|
||||
+ usage()
|
||||
+ input=open("/var/log/messages", "r")
|
||||
+ auditlogs=1
|
||||
+ if o == "-d" or o == "--dmesg":
|
||||
+ input=os.popen("/bin/dmesg", "r")
|
||||
+ if o == "-h" or o == "--help":
|
||||
+ usage()
|
||||
+ input=open(a, "r")
|
||||
+ if o == "-m":
|
||||
+ module=a
|
||||
+ if o == '--help':
|
||||
+ usage()
|
||||
+ if o == "-d":
|
||||
+ input=os.popen("/bin/dmesg", "r")
|
||||
+ if o == "-o":
|
||||
+ output=open(a, "a")
|
||||
+ if len(cmds) != 0:
|
||||
+ usage()
|
||||
+ out=allowRecords(input, last_reload, verbose)
|
||||
+ if auditlogs:
|
||||
+ input=open("/var/log/audit/audit.log", "r")
|
||||
+ out.load(input)
|
||||
+ output.write(out.out(module))
|
||||
+ if o == "-i"or o == "--input":
|
||||
+ if auditlogs:
|
||||
+ usage()
|
||||
+ input_ind=1
|
||||
+ input=open(a, "r")
|
||||
+ if o == '--lastreload' or o == "-l":
|
||||
+ last_reload=1
|
||||
+ if o == "-m" or o == "--module":
|
||||
+ if module != "":
|
||||
+ usage()
|
||||
+ module=a
|
||||
+ if o == "-M":
|
||||
+ if module != "" or output_ind:
|
||||
+ usage()
|
||||
+ module=a
|
||||
+ outfile=a+".te"
|
||||
+ buildPP=1
|
||||
+ output=open(outfile, "w")
|
||||
+ if o == "-r" or o == "--requires":
|
||||
+ requires=1
|
||||
+ if o == "-o" or o == "--output":
|
||||
+ if module != "":
|
||||
+ usage()
|
||||
+ output=open(a, "a")
|
||||
+ output_ind=1
|
||||
+ if o == "-v" or o == "--verbose":
|
||||
+ verbose=1
|
||||
+ if len(cmds) != 0:
|
||||
+ usage()
|
||||
+ out=allowRecords(input, last_reload, verbose)
|
||||
+ if auditlogs:
|
||||
+ input=open("/var/log/audit/audit.log", "r")
|
||||
+ out.load(input)
|
||||
+ if buildPP:
|
||||
+ print ("Generating type enforcment file: %s.te" % module)
|
||||
+ output.write(out.out(requires, module))
|
||||
+ if buildPP:
|
||||
+ print ("Compiling policy: checkmodule -M -m -o %s.mod %s.te" % (module, module))
|
||||
+ rc=commands.getstatusoutput("checkmodule -M -m -o %s.mod %s.te" % (module, module))
|
||||
+ if rc[0]==0:
|
||||
+ print ("Building package: semodule_package -o %s.pp -m %s.mod" % (module, module))
|
||||
+ rc=commands.getstatusoutput("semodule_package -o %s.pp -m %s.mod" % (module, module))
|
||||
+ if rc[0]==0:
|
||||
+ print ("\n*************** IMPORTANT ***********************\n")
|
||||
+ print ("In order to load this newly created policy package,\nyou are required to execute \n\n\"semodule -i %s.pp\"\n\nto load the policy\n" % module)
|
||||
+ else:
|
||||
+ errorExit(rc[1])
|
||||
+ else:
|
||||
+ errorExit(rc[1])
|
||||
+
|
||||
+except getopt.error, error:
|
||||
+ errorExit(string.join("Options Error ", error))
|
||||
+except ValueError, error:
|
||||
+ errorExit(string.join("ValueError ", error))
|
||||
+except KeyboardInterrupt, error:
|
||||
+ sys.exit(0)
|
||||
+ except getopt.error, error:
|
||||
+ errorExit("Options Error " + error.msg)
|
||||
+ except ValueError, error:
|
||||
+ errorExit(error.args[0])
|
||||
+ except IOError, error:
|
||||
+ errorExit(error.args[1])
|
||||
+ except KeyboardInterrupt, error:
|
||||
+ sys.exit(0)
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2allow/audit2allow.perl policycoreutils-1.27.28/audit2allow/audit2allow.perl
|
||||
--- nsapolicycoreutils/audit2allow/audit2allow.perl 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-1.27.28/audit2allow/audit2allow.perl 2005-11-16 22:33:25.000000000 -0500
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
Summary: SELinux policy core utilities.
|
||||
Name: policycoreutils
|
||||
Version: 1.27.28
|
||||
Release: 2
|
||||
Release: 3
|
||||
License: GPL
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
|
|
@ -89,6 +89,12 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||
|
||||
%changelog
|
||||
|
||||
* Thu Nov 17 2005 Dan Walsh <dwalsh@redhat.com> 1.27.28-3
|
||||
- Audit2allow
|
||||
* Add more error checking
|
||||
* Add gen policy package
|
||||
* Add gen requires
|
||||
|
||||
* Wed Nov 16 2005 Dan Walsh <dwalsh@redhat.com> 1.27.28-2
|
||||
- Update to match NSA
|
||||
* Merged genhomedircon rewrite from Dan Walsh.
|
||||
|
|
|
|||
Loading…
Reference in New Issue