From: <ssm...@us...> - 2006-10-17 15:00:52
|
Revision: 2054 http://svn.sourceforge.net/selinux/?rev=2054&view=rev Author: ssmalley Date: 2006-10-17 08:00:45 -0700 (Tue, 17 Oct 2006) Log Message: ----------- Extract bug fix from Fedora policycoreutils-rhat.patch for semanage. This one initializes oldserange so that it is defined in the exception handler. Modified Paths: -------------- trunk/policycoreutils/semanage/seobject.py Modified: trunk/policycoreutils/semanage/seobject.py =================================================================== --- trunk/policycoreutils/semanage/seobject.py 2006-10-17 14:52:48 UTC (rev 2053) +++ trunk/policycoreutils/semanage/seobject.py 2006-10-17 15:00:45 UTC (rev 2054) @@ -486,6 +486,7 @@ def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""): oldroles = "" + oldserange = "" newroles = string.join(roles, ' '); try: if prefix == "" and len(roles) == 0 and serange == "" and selevel == "": This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mad...@us...> - 2007-01-08 20:33:12
|
Revision: 2156 http://svn.sourceforge.net/selinux/?rev=2156&view=rev Author: madmethod Date: 2007-01-08 12:33:11 -0800 (Mon, 08 Jan 2007) Log Message: ----------- seobject.py assumes that handle creation always succeeds, though this is not always the case. This patch checks for that failure. Signed-off-by: Karl MacMillan <kma...@me...> Acked-By: Joshua Brindle <jbr...@tr...> Modified Paths: -------------- trunk/policycoreutils/semanage/seobject.py Modified: trunk/policycoreutils/semanage/seobject.py =================================================================== --- trunk/policycoreutils/semanage/seobject.py 2007-01-08 20:32:26 UTC (rev 2155) +++ trunk/policycoreutils/semanage/seobject.py 2007-01-08 20:33:11 UTC (rev 2156) @@ -208,6 +208,9 @@ class semanageRecords: def __init__(self): self.sh = semanage_handle_create() + if not self.sh: + raise ValueError(_("Could not create semanage handle")) + self.semanaged = semanage_is_managed(self.sh) if not self.semanaged: This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
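Review bot: The `if not self.semanaged:` test just below the new handle check still lets a negative return from `semanage_is_managed()` through, because `not -1` is false and the constructor then carries on as if the store were managed. If libsemanage reports failure there with a negative value, as the `rc < 0` checks elsewhere in this file suggest, add `if self.semanaged < 0:` with its own `ValueError` ahead of the unmanaged branch. The new `raise` itself is fine as written, since no handle exists to release at that point. `__init__` continues past the end of the hunk.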
From: <ssm...@us...> - 2007-01-09 20:41:31
|
Revision: 2162 http://svn.sourceforge.net/selinux/?rev=2162&view=rev Author: ssmalley Date: 2007-01-09 12:41:26 -0800 (Tue, 09 Jan 2007) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: patch to make seobject.py work correctly. Date: Tue, 09 Jan 2007 10:18:06 -0500 This patch should be upstreamable as controversial parts removed. Modified Paths: -------------- trunk/policycoreutils/semanage/seobject.py Modified: trunk/policycoreutils/semanage/seobject.py =================================================================== --- trunk/policycoreutils/semanage/seobject.py 2007-01-09 20:40:39 UTC (rev 2161) +++ trunk/policycoreutils/semanage/seobject.py 2007-01-09 20:41:26 UTC (rev 2162) @@ -94,23 +94,25 @@ return re.search("^" + reg +"$",raw) def translate(raw, prepend = 1): - if prepend == 1: - context = "a:b:c:%s" % raw + filler="a:b:c:" + if prepend == 1: + context = "%s%s" % (filler,raw) else: context = raw (rc, trans) = selinux.selinux_raw_to_trans_context(context) if rc != 0: return raw if prepend: - trans = trans.strip("a:b:c") + trans = trans[len(filler):] if trans == "": return raw else: return trans def untranslate(trans, prepend = 1): + filler="a:b:c:" if prepend == 1: - context = "a:b:c:%s" % trans + context = "%s%s" % (filler,trans) else: context = trans @@ -118,7 +120,7 @@ if rc != 0: return trans if prepend: - raw = raw.strip("a:b:c") + raw = raw[len(filler):] if raw == "": return trans else: @@ -157,7 +159,7 @@ def out(self): rec = "" for c in self.comments: - rec += c +"\n" + rec += c keys = self.ddict.keys() keys.sort() for k in keys: This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
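Review bot: In `translate()` the filler is prepended under `if prepend == 1:` but sliced off under `if prepend:`, and `trans[len(filler):]` is applied without confirming that the returned context still starts with the filler; `untranslate()` has the same pair in this hunk and the next. A caller passing any other truthy `prepend` loses the first six characters of a context that never had the filler, and a translation that comes back in an unexpected form is silently truncated instead of rejected. Guarding the slice, e.g. `if prepend == 1 and trans.startswith(filler): trans = trans[len(filler):]`, and returning the input unchanged otherwise keeps a malformed result from being passed on as a valid range. `untranslate()` is split across the hunk boundary, so the call that assigns `raw` is not visible here.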
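Review bot: `rec += c` in `out()` now depends on every stored comment already ending in a newline, which the visible lines do not guarantee. If the comments are kept exactly as read from the file, a last line without a trailing newline would be fused with the first translation record when the file is rewritten. Normalising on output, `rec += c.rstrip("\n") + "\n"`, avoids both the doubled blank lines this commit removes and the fused line. The rest of `out()` lies outside the hunk.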
From: <ssm...@us...> - 2007-01-17 16:35:44
|
Revision: 2185 http://svn.sourceforge.net/selinux/?rev=2185&view=rev Author: ssmalley Date: 2007-01-17 07:54:23 -0800 (Wed, 17 Jan 2007) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: seobject: fix audit Date: Tue, 16 Jan 2007 15:19:41 -0500 Need to convert unicode to string for audit to work. Modified Paths: -------------- trunk/policycoreutils/semanage/seobject.py Modified: trunk/policycoreutils/semanage/seobject.py =================================================================== --- trunk/policycoreutils/semanage/seobject.py 2007-01-16 19:15:33 UTC (rev 2184) +++ trunk/policycoreutils/semanage/seobject.py 2007-01-17 15:54:23 UTC (rev 2185) @@ -63,7 +63,7 @@ self.audit_fd = audit.audit_open() def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""): - audit.audit_log_semanage_message(self.audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],msg, name, 0, sename, serole, serange, old_sename, old_serole, old_serange, "", "", "", success); + audit.audit_log_semanage_message(self.audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],str(msg), name, 0, sename, serole, serange, old_sename, old_serole, old_serange, "", "", "", success); except: class logger: def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""): This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
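Review bot: `str(msg)` raises `UnicodeEncodeError` when `msg` is a unicode object holding non-ASCII characters, which is presumably the case for messages that went through `_()` in a non-English locale, so the audit record is lost at the moment it is being written. Encoding explicitly avoids that: `msg.encode("utf-8") if isinstance(msg, unicode) else str(msg)`. The return value of `audit.audit_log_semanage_message()` is also discarded, so a failed audit write goes unnoticed; whether callers are meant to tolerate that is not visible in this hunk.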
From: <ssm...@us...> - 2007-02-20 13:25:24
|
Revision: 2233 http://svn.sourceforge.net/selinux/?rev=2233&view=rev Author: ssmalley Date: 2007-02-20 05:25:22 -0800 (Tue, 20 Feb 2007) Log Message: ----------- Author: Caleb Case Email: cc...@tr... Subject: policycoreutils/semanage/seobject.py:setransRecords: improper string subst Date: Tue, 6 Feb 2007 11:23:20 -0500 A small fix for the wrong number of arguments for python string substitution. Modified Paths: -------------- trunk/policycoreutils/semanage/seobject.py Modified: trunk/policycoreutils/semanage/seobject.py =================================================================== --- trunk/policycoreutils/semanage/seobject.py 2007-02-08 21:00:40 UTC (rev 2232) +++ trunk/policycoreutils/semanage/seobject.py 2007-02-20 13:25:22 UTC (rev 2233) @@ -139,7 +139,7 @@ translations = fd.readlines() fd.close() except IOError, e: - raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines") % (self.filename, e) ) + raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines") % (self.filename) ) self.ddict = {} self.comments = [] This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2007-04-12 15:48:58
|
Revision: 2338 http://svn.sourceforge.net/selinux/?rev=2338&view=rev Author: ssmalley Date: 2007-04-12 08:48:54 -0700 (Thu, 12 Apr 2007) Log Message: ----------- Author: "Xavier Toth" Email: tx...@gm... Subject: seobject.py setransRecords.get_all method return values Date: Tue, 10 Apr 2007 09:01:19 -0500 On 4/10/07, Stephen Smalley <sd...@ty...> wrote: > On Mon, 2007-04-09 at 14:08 -0500, Ted X Toth wrote: > > When you have aliases in your setrans.conf > > seobject.setransRecords().get_all returns a dictionary containing values > > with the last alias whereas the first alias is what I'd like (this is > > also what the os uses). Alternatively it could return an ordered list of > > all of the aliases as the dictionary values or maybe this would be a > > different method. > > Unless such a change would pose a problem for current users of > seobject.setransRecords().get_all, I'd be fine with changing it to > return the first alias, and possibly introduce another method if we need > to return all the aliases (to preserve interface compatibility). cc'd > Dan and Karl since they are likely to be more familiar with how this is > being used today by tools like system-config-selinux. > > Do you want to submit a patch or are you making a RFE? > > -- > Stephen Smalley > National Security Agency > > Here's a patch for the first versus last alias. I'm not sure yet about needing all of the aliases. Ted Modified Paths: -------------- trunk/policycoreutils/semanage/seobject.py Modified: trunk/policycoreutils/semanage/seobject.py =================================================================== --- trunk/policycoreutils/semanage/seobject.py 2007-04-10 19:13:48 UTC (rev 2337) +++ trunk/policycoreutils/semanage/seobject.py 2007-04-12 15:48:54 UTC (rev 2338) 
@@ -154,7 +154,8 @@ if len(i) != 2: self.comments.append(r) continue - self.ddict[i[0]] = i[1] + if self.ddict.has_key(i[0]) == 0: + self.ddict[i[0]] = i[1] def get_all(self): return self.ddict This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
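Review bot: `self.ddict.has_key(i[0]) == 0` reads better as `if i[0] not in self.ddict:`, and the first-alias-wins rule needs a comment at this line, because later aliases for the same key are now dropped without a trace. Something like `# keep the first alias for a range, as the OS does; later duplicates are ignored` would do. If `out()` rebuilds the file from `self.ddict`, the discarded aliases would also vanish from setrans.conf on the next write; that was already true of the earlier aliases before this change, but it is worth confirming that it is intended. The enclosing method starts above the hunk.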
From: <ssm...@us...> - 2007-10-11 20:24:05
|
Revision: 2649 http://selinux.svn.sourceforge.net/selinux/?rev=2649&view=rev Author: ssmalley Date: 2007-10-11 13:24:03 -0700 (Thu, 11 Oct 2007) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: deleteall added for ports and fcontext in semanage Date: Sun, 07 Oct 2007 21:51:32 -0400 Modified Paths: -------------- trunk/policycoreutils/semanage/seobject.py Modified: trunk/policycoreutils/semanage/seobject.py =================================================================== --- trunk/policycoreutils/semanage/seobject.py 2007-10-11 20:21:08 UTC (rev 2648) +++ trunk/policycoreutils/semanage/seobject.py 2007-10-11 20:24:03 UTC (rev 2649) @@ -139,7 +139,7 @@ translations = fd.readlines() fd.close() except IOError, e: - raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines") % (self.filename) ) + raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines: %s") % (self.filename, e) ) self.ddict = {} self.comments = [] @@ -236,6 +236,9 @@ if rc < 0: semanage_handle_destroy(self.sh) raise ValueError(_("Could not establish semanage connection")) + def deleteall(self): + raise ValueError(_("Not yet implemented")) + class loginRecords(semanageRecords): def __init__(self, store = ""): 
@@ -776,6 +779,34 @@ semanage_port_key_free(k) semanage_port_free(p) + def deleteall(self): + (rc, plist) = semanage_port_list_local(self.sh) + if rc < 0: + raise ValueError(_("Could not list the ports")) + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError(_("Could not start semanage transaction")) + + for port in plist: + proto = semanage_port_get_proto(port) + proto_str = semanage_port_get_proto_str(proto) + low = semanage_port_get_low(port) + high = semanage_port_get_high(port) + port_str = "%s-%s" % (low, high) + ( k, proto_d, low, high ) = self.__genkey(port_str , proto_str) + if rc < 0: + raise ValueError(_("Could not create a key for %s") % port_str) + + rc = semanage_port_del_local(self.sh, k) + if rc < 0: + raise ValueError(_("Could not delete the port %s") % port_str) + semanage_port_key_free(k) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError(_("Could not delete the %s") % port_str) + def delete(self, port, proto): ( k, proto_d, low, high ) = self.__genkey(port, proto) (rc,exists) = semanage_port_exists(self.sh, k) 
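Review bot: In the port `deleteall()` the `if rc < 0:` after `self.__genkey(...)` re-tests the result of `semanage_begin_transaction()`, which was already checked, so it can never fire, and two error paths misbehave. A failing `semanage_port_del_local()` raises before `semanage_port_key_free(k)` runs, with the transaction still begun, and the commit-failure message formats `port_str`, which is unbound when `plist` is empty, so a commit error surfaces as `UnboundLocalError`. The fcontext `deleteall()` in the next hunk repeats the last two with `target` and `semanage_fcontext_key_free(k)`. The sketch below frees the key before testing `rc` and uses a commit message that does not depend on loop state; whether the entries of `plist` also need freeing is not visible here.

```python
        for port in plist:
            # … unchanged: derive proto_str and port_str from the record …
            ( k, proto_d, low, high ) = self.__genkey(port_str , proto_str)

            rc = semanage_port_del_local(self.sh, k)
            # free the key before any raise so the error path does not leak it
            semanage_port_key_free(k)
            if rc < 0:
                raise ValueError(_("Could not delete the port %s") % port_str)

        rc = semanage_commit(self.sh)
        if rc < 0:
            raise ValueError(_("Could not delete all ports"))
```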
@@ -1175,6 +1206,32 @@ semanage_fcontext_key_free(k) semanage_fcontext_free(fcontext) + def deleteall(self): + (rc, flist) = semanage_fcontext_list_local(self.sh) + if rc < 0: + raise ValueError(_("Could not list the file contexts")) + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError(_("Could not start semanage transaction")) + + for fcontext in flist: + target = semanage_fcontext_get_expr(fcontext) + ftype = semanage_fcontext_get_type(fcontext) + ftype_str = semanage_fcontext_get_type_str(ftype) + (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype_str]) + if rc < 0: + raise ValueError(_("Could not create a key for %s") % target) + + rc = semanage_fcontext_del_local(self.sh, k) + if rc < 0: + raise ValueError(_("Could not delete the file context %s") % target) + semanage_fcontext_key_free(k) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError(_("Could not delete the file context %s") % target) + def delete(self, target, ftype): (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) if rc < 0: This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
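Review bot: The key in the fcontext `deleteall()` is built from `file_types[ftype_str]`, a round trip from the record's own type constant to its display string and back through the table that `delete()` uses for user-supplied type names. If `semanage_fcontext_get_type_str()` ever returns a string that is not a key of `file_types`, the loop dies with a `KeyError` in the middle of the transaction. Passing the constant directly, `semanage_fcontext_key_create(self.sh, target, ftype)`, removes that dependency and makes `ftype_str` unnecessary. This assumes `file_types` maps names to the same constants `semanage_fcontext_get_type()` returns, which its definition outside this hunk would confirm.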
From: <ssm...@us...> - 2007-12-07 19:59:03
|
Revision: 2700 http://selinux.svn.sourceforge.net/selinux/?rev=2700&view=rev Author: ssmalley Date: 2007-12-07 11:59:00 -0800 (Fri, 07 Dec 2007) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: policycoreutils patch Date: Thu, 06 Dec 2007 13:34:38 -0500 The second patch adds better handling of boolean to semanage. The biggest improvement is the tool now extracts out the boolean description when listing, making searching for a boolean easier. Modified Paths: -------------- trunk/policycoreutils/semanage/seobject.py Modified: trunk/policycoreutils/semanage/seobject.py =================================================================== --- trunk/policycoreutils/semanage/seobject.py 2007-12-07 19:57:46 UTC (rev 2699) +++ trunk/policycoreutils/semanage/seobject.py 2007-12-07 19:59:00 UTC (rev 2700) @@ -1,5 +1,5 @@ #! /usr/bin/python -E -# Copyright (C) 2005 Red Hat +# Copyright (C) 2005, 2006, 2007 Red Hat # see file 'COPYING' for use and warranty information # # semanage is a tool for managing SELinux configuration files 
@@ -88,6 +88,35 @@ mylog = logger() +import sys, os +import re +import xml.etree.ElementTree + +booleans_dict={} +try: + tree=xml.etree.ElementTree.parse("/usr/share/selinux/devel/policy.xml") + for l in tree.findall("layer"): + for m in l.findall("module"): + for b in m.findall("tunable"): + desc = b.find("desc").find("p").text.strip("\n") + desc = re.sub("\n", " ", desc) + booleans_dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc) + for b in m.findall("bool"): + desc = b.find("desc").find("p").text.strip("\n") + desc = re.sub("\n", " ", desc) + booleans_dict[b.get('name')] = (m.get("name"), b.get('dftval'), desc) + for i in tree.findall("bool"): + desc = i.find("desc").find("p").text.strip("\n") + desc = re.sub("\n", " ", desc) + booleans_dict[i.get('name')] = (_("global"), i.get('dftval'), desc) + for i in tree.findall("tunable"): + desc = i.find("desc").find("p").text.strip("\n") + desc = re.sub("\n", " ", desc) + booleans_dict[i.get('name')] = (_("global"), i.get('dftval'), desc) +except IOError, e: + #print _("Failed to translate booleans.\n%s") % e + pass + def validate_level(raw): sensitivity = "s[0-9]*" category = "c[0-9]*" @@ -1095,7 +1124,13 @@ return con + def validate(self, target): + if target == "" or target.find("\n") >= 0: + raise ValueError(_("Invalid file specification")) + def add(self, target, type, ftype = "", serange = "", seuser = "system_u"): + self.validate(target) + if is_mls_enabled == 1: serange = untranslate(serange) @@ -1154,6 +1189,7 @@ def modify(self, target, setype, ftype, serange, seuser): if serange == "" and setype == "" and seuser == "": raise ValueError(_("Requires setype, serange or seuser")) + self.validate(target) (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) if rc < 0: 
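Review bot: The module-level parse of `/usr/share/selinux/devel/policy.xml` catches only `IOError`, so a malformed file, or a `tunable`/`bool` element without `desc`/`p` or with empty text (where `.find(...)` or `.text` is `None`), raises at import time and takes every semanage operation down over optional description data. The four copies of the `desc` extraction should be one helper that tolerates missing nodes, and the handler should also cover the parser's own error type. `xml.etree` was added in Python 2.5 and is imported outside the `try`, so on an older interpreter the import itself fails. The added `import sys, os` and `import re` presumably repeat imports from the top of the file, which is outside this hunk.

```python
def _bool_desc(node):
    # A missing <desc>/<p> or empty text yields "" instead of an AttributeError.
    p = node.find("desc/p")
    if p is None or p.text is None:
        return ""
    return re.sub("\n", " ", p.text.strip("\n"))

# … unchanged: booleans_dict = {}, try:, parse of policy.xml …
    for l in tree.findall("layer"):
        for m in l.findall("module"):
            for tag in ("tunable", "bool"):
                for b in m.findall(tag):
                    booleans_dict[b.get('name')] = (m.get("name"), b.get('dftval'), _bool_desc(b))
    for tag in ("bool", "tunable"):
        for i in tree.findall(tag):
            booleans_dict[i.get('name')] = (_("global"), i.get('dftval'), _bool_desc(i))
# … unchanged: except IOError handler …
```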
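Review bot: `validate()` rejects only an empty string or a `\n`, and only for `target`; `type`, `serange` and `seuser` go into the same record in `add()` with no equivalent check in the visible lines. If libsemanage does not itself reject line breaks in those fields, the newline test protects one column of the record and not the others, so confirm that or extend the check to them. A docstring such as `"""Reject an empty or multi-line file specification."""`, and `"\n" in target` in place of `target.find("\n") >= 0`, would make the intent clearer. The same call is added to `modify()` in the following hunk; both methods continue outside the hunks.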
@@ -1328,11 +1364,14 @@ if value != "": nvalue = int(value) semanage_bool_set_value(b, nvalue) + else: + raise ValueError(_("You must specify a value")) rc = semanage_begin_transaction(self.sh) if rc < 0: raise ValueError(_("Could not start semanage transaction")) + rc = semanage_bool_set_active(self.sh, k, b) rc = semanage_bool_modify_local(self.sh, k, b) if rc < 0: raise ValueError(_("Could not modify boolean %s") % name) @@ -1416,11 +1455,25 @@ return ddict + def get_desc(self, boolean): + if boolean in booleans_dict: + return _(booleans_dict[boolean][2]) + else: + return boolean + + def get_category(self, boolean): + if boolean in booleans_dict: + return _(booleans_dict[boolean][0]) + else: + return _("unknown") + def list(self, heading = 1, locallist = 0): + on_off = (_("off"),_("on")) if heading: - print "%-50s %7s %7s %7s\n" % (_("SELinux boolean"), _("value"), _("pending"), _("active") ) + print "%-40s %s\n" % (_("SELinux boolean"), _("Description")) ddict = self.get_all(locallist) keys = ddict.keys() for k in keys: if ddict[k]: - print "%-50s %7d %7d %7d " % (k, ddict[k][0],ddict[k][1], ddict[k][2]) + print "%-30s -> %-5s %s" % (k, on_off[ddict[k][2]], self.get_desc(k)) + This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
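Review bot: `nvalue = int(value)` accepts any integer, and nothing in the hunk restricts the result to 0 or 1 before `semanage_bool_set_value(b, nvalue)`; a non-numeric string also escapes as Python's own untranslated `ValueError`. Adding `if nvalue not in (0, 1): raise ValueError(_("Value must be 0 or 1"))` after the conversion would keep an out-of-range value out of the policy store. The new `else: raise` runs after `k` and `b` have presumably been allocated above the hunk, so checking `value` before those allocations would avoid leaving them unreleased. The enclosing `modify()` starts and ends outside the hunk.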
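Review bot: `on_off[ddict[k][2]]` in `list()` indexes a two-element tuple with the raw active value, so anything other than 0 or 1 either raises `IndexError` or, for -1, prints `on`. The rewritten row also drops the value and pending columns that the old format printed, so a boolean whose stored setting differs from the running one can no longer be spotted in this listing. An explicit test such as `on_off[ddict[k][2] == 1]`, plus a pending indicator, would preserve that. The heading uses `%-40s` while the rows use `%-30s -> %-5s`, so the Description column does not line up.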
From: <ssm...@us...> - 2008-04-18 14:12:53
|
Revision: 2868 http://selinux.svn.sourceforge.net/selinux/?rev=2868&view=rev Author: ssmalley Date: 2008-04-18 07:12:40 -0700 (Fri, 18 Apr 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: semanage man page updated for booleans Date: Tue, 08 Apr 2008 09:59:02 -0400 [sds: some fixes to the entry, including mention of the --on/--off/-1/-0 options and removal of the -T option as that doesn't apply here.] [sds: also add checking of return status to seobject.py for set_active call] Modified Paths: -------------- trunk/policycoreutils/semanage/seobject.py Modified: trunk/policycoreutils/semanage/seobject.py =================================================================== --- trunk/policycoreutils/semanage/seobject.py 2008-04-18 14:00:16 UTC (rev 2867) +++ trunk/policycoreutils/semanage/seobject.py 2008-04-18 14:12:40 UTC (rev 2868) @@ -1377,7 +1377,9 @@ if rc < 0: raise ValueError(_("Could not start semanage transaction")) - rc = semanage_bool_set_active(self.sh, k, b) + rc = semanage_bool_set_active(self.sh, k, b) + if rc < 0: + raise ValueError(_("Could not set active value of boolean %s") % name) rc = semanage_bool_modify_local(self.sh, k, b) if rc < 0: raise ValueError(_("Could not modify boolean %s") % name) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-05-16 13:28:18
|
Revision: 2882 http://selinux.svn.sourceforge.net/selinux/?rev=2882&view=rev Author: ssmalley Date: 2008-05-16 06:28:17 -0700 (Fri, 16 May 2008) Log Message: ----------- Remove the security_check_context() calls to validate prefixes from seobject.py. They were incorrectly checking against the host policy rather than the target policy, and hardcoding policy knowledge. Modified Paths: -------------- trunk/policycoreutils/semanage/seobject.py Modified: trunk/policycoreutils/semanage/seobject.py =================================================================== --- trunk/policycoreutils/semanage/seobject.py 2008-05-16 13:07:58 UTC (rev 2881) +++ trunk/policycoreutils/semanage/seobject.py 2008-05-16 13:28:17 UTC (rev 2882) @@ -509,8 +509,6 @@ rc = semanage_user_set_mlslevel(self.sh, u, selevel) if rc < 0: raise ValueError(_("Could not set MLS level for %s") % name) - if selinux.security_check_context("system_u:object_r:%s_home_t:s0" % prefix) != 0: - raise ValueError(_("Invalid prefix %s") % prefix) rc = semanage_user_set_prefix(self.sh, u, prefix) if rc < 0: raise ValueError(_("Could not add prefix %s for %s") % (r, prefix)) @@ -576,8 +574,6 @@ semanage_user_set_mlslevel(self.sh, u, untranslate(selevel)) if prefix != "": - if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0: - raise ValueError(_("Invalid prefix %s") % prefix) semanage_user_set_prefix(self.sh, u, prefix) if len(roles) != 0: This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |