--- seobject.py 2006-04-14 20:36:08.000000000 +1000 +++ /usr/lib/python2.4/site-packages/seobject.py 2006-04-14 20:56:04.000000000 +1000 @@ -381,7 +381,7 @@ def __init__(self): semanageRecords.__init__(self) - def add(self, name, roles, selevel, serange): + def add(self, name, roles, selevel, serange, prefix): if is_mls_enabled == 1: if serange == "": serange = "s0" @@ -427,6 +427,9 @@ if rc < 0: raise ValueError("Could not set MLS level for %s" % name) + rc = semanage_user_set_prefix(self.sh, u, prefix) + if rc < 0: + raise ValueError("Could not add prefix %s for %s" % (r, prefix)) (rc,key) = semanage_user_key_extract(self.sh,u) if rc < 0: raise ValueError("Could not extract key for %s" % name) @@ -451,13 +454,13 @@ semanage_user_key_free(k) semanage_user_free(u) - def modify(self, name, roles = [], selevel = "", serange = ""): + def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""): try: - if len(roles) == 0 and serange == "" and selevel == "": + if prefix == "" and len(roles) == 0 and serange == "" and selevel == "": if is_mls_enabled == 1: - raise ValueError("Requires roles, level or range") + raise ValueError("Requires prefix, roles, level or range") else: - raise ValueError("Requires roles") + raise ValueError("Requires prefix or roles") (rc,k) = semanage_user_key_create(self.sh, name) if rc < 0: @@ -478,6 +481,9 @@ if selevel != "": semanage_user_set_mlslevel(self.sh, u, untranslate(selevel)) + if prefix != "": + semanage_user_set_prefix(self.sh, u, prefix) + if len(roles) != 0: for r in roles: semanage_user_add_role(self.sh, u, r) --- semanage 2006-04-14 20:46:23.000000000 +1000 +++ /usr/sbin/semanage 2006-04-14 20:56:56.000000000 +1000 
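Review bot: The error path added after `semanage_user_set_prefix` in `add` formats its message with `(r, prefix)`, but `r` is not the user name. Judging by the `for r in roles` loop visible in the `modify` hunk, it is most likely a leftover role loop variable, so the message would report a role as the prefix and the prefix as the user, or fail with a NameError if `r` was never bound. Use `raise ValueError("Could not add prefix %s for %s" % (prefix, name))`, which matches the neighbouring messages that report `name`. The body of `add` starts and ends outside this hunk.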
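Review bot: In `modify`, the new `semanage_user_set_prefix(self.sh, u, prefix)` call discards its return code, whereas the same call added to `add` checks `rc < 0`. A failed update would go unreported, and the record would presumably keep its previous prefix, so home directory labeling could differ from what the administrator requested. Suggest `rc = semanage_user_set_prefix(self.sh, u, prefix)` followed by `if rc < 0: raise ValueError("Could not set prefix %s for %s" % (prefix, name))`. The `semanage_user_set_mlslevel` call just above it in the context lines has the same gap, and `modify` continues outside the hunk.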
@@ -32,7 +32,7 @@ print '\ semanage {login|user|port|interface|fcontext|translation} -l [-n] \n\ semanage login -{a|d|m} [-sr] login_name\n\ -semanage user -{a|d|m} [-LrR] selinux_name\n\ +semanage user -{a|d|m} [-LrRP] selinux_name\n\ semanage port -{a|d|m} [-tr] [ -p protocol ] port | port_range\n\ semanage interface -{a|d|m} [-tr] interface_spec\n\ semanage fcontext -{a|d|m} [-frst] file_spec\n\ @@ -60,6 +60,7 @@ -p (named pipe) \n\n\ \ -p, --proto Port protocol (tcp or udp)\n\ + -P, --prefix Prefix for home directory labeling\n\ -L, --level Default SELinux Level (MLS/MCS Systems only)\n\ -R, --roles SELinux Roles (ex: "sysadm_r staff_r")\n\ -T, --trans SELinux Level Translation (MLS/MCS Systems only)\n\n\ @@ -83,7 +84,7 @@ valid_option["login"] = [] valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range'] valid_option["user"] = [] - valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles' ] + valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ] valid_option["port"] = [] valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--protocol' ] valid_option["interface"] = [] @@ -109,6 +110,7 @@ setrans = "" roles = "" seuser = "" + prefix = "" heading=1 add = 0 @@ -126,7 +128,7 @@ args = sys.argv[2:] gopts, cmds = getopt.getopt(args, - 'adf:lhmnp:s:R:L:r:t:T:', + 'adf:lhmnp:s:R:L:r:t:T:P:', ['add', 'delete', 'ftype=', @@ -140,7 +142,8 @@ 'level=', 'roles=', 'type=', - 'trans=' + 'trans=', + 'prefix=' ]) for o, a in gopts: if o not in option_dict[object]: @@ -185,6 +188,9 @@ if o == "-p" or o == '--proto': proto = a + if o == "-P" or o == '--prefix': + prefix = a + if o == "-R" or o == '--roles': roles = roles + " " + a 
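Review bot: The `prefix` value parsed in the `-P`/`--prefix` branch is only forwarded on the add path in this patch, through the `OBJECT.add(target, rlist, selevel, serange, prefix)` change in the last hunk. None of the visible hunks touches the `user` modify call, even though `modify` in seobject.py gained a `prefix` parameter. If that call is not updated elsewhere, `semanage user -m -P ...` would be accepted by getopt and the prefix silently ignored. Passing `prefix` as the new fifth argument of `modify` in the modify branch would close that gap.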
@@ -235,7 +241,7 @@ rlist = roles.split() if len(rlist) == 0: raise ValueError("You must specify a role") - OBJECT.add(target, rlist, selevel, serange) + OBJECT.add(target, rlist, selevel, serange, prefix) if object == "port": OBJECT.add(target, proto, serange, setype)
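Review bot: `prefix` is passed to `OBJECT.add` even when `-P` was not given, in which case it is still the empty string assigned at initialisation, and `add` in seobject.py calls `semanage_user_set_prefix` unconditionally. Because the prefix drives home directory labeling (per the help text added in this patch), an empty value should probably be rejected here the same way the empty role list is just above, e.g. `if prefix == "": raise ValueError("You must specify a prefix")`. Whether libsemanage rejects an empty prefix on its own is not visible from this patch. The enclosing block starts and ends outside the hunk.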