* [ SEMANAGE ] Clear obsoleted objects
From: Ivan Gyurdiev @ 2005-11-16 0:18 UTC (permalink / raw)
To: SE Linux; +Cc: Stephen Smalley
[-- Attachment #1: Type: text/plain, Size: 1481 bytes --]
Get from here:
Preparing... ###########################################
[100%]
1:selinux-policy-targeted###########################################
[100%]
Attempting to install base module '/usr/share/selinux/targeted/base.pp':
Ok: return value of 0.
Committing changes:
libsepol.bool_update: boolean i18n_input_disable_trans no longer in policy
libsepol.bool_update: could not update boolean i18n_input_disable_trans
libsepol.sepol_bool_set: could not set boolean i18n_input_disable_trans
libsemanage.dbase_policydb_set: could not set record value
libsemanage.dbase_file_iterate: could not iterate over records
libsemanage.semanage_base_merge_components: could not merge local
modifications into policy
libsemanage.semanage_expand_sandbox: Unable to merge local modifications
into policy.
Failed!
to here:
Preparing... ###########################################
[100%]
1:selinux-policy-targeted###########################################
[100%]
Attempting to install base module '/usr/share/selinux/targeted/base.pp':
Ok: return value of 0.
Committing changes:
Ok: transaction number 0.
I really need to add some functions to the rtable that print out each
object (in a more sensible format than the one that's written to the
storage file), so we can report to the user what's being
obsoleted/changed - note that there are no messages in policy_components.c
for that reason. The TODO is related to "make libsemanage less verbose".
[-- Attachment #2: libsemanage.clear_obsolete.diff --]
[-- Type: text/x-patch, Size: 4550 bytes --]
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'booleans_kernel.*' --exclude 'database_pserver.*' old/libsemanage/src/boolean_internal.h new/libsemanage/src/boolean_internal.h
--- old/libsemanage/src/boolean_internal.h 2005-11-08 09:32:57.000000000 -0500
+++ new/libsemanage/src/boolean_internal.h 2005-11-15 19:03:24.000000000 -0500
@@ -13,4 +13,3 @@ hidden_proto(semanage_bool_key_extract)
hidden_proto(semanage_bool_key_free)
hidden_proto(semanage_bool_set_name)
hidden_proto(semanage_bool_set_value)
-
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'booleans_kernel.*' --exclude 'database_pserver.*' old/libsemanage/src/booleans_local.c new/libsemanage/src/booleans_local.c
--- old/libsemanage/src/booleans_local.c 2005-11-08 09:32:57.000000000 -0500
+++ new/libsemanage/src/booleans_local.c 2005-11-15 19:03:32.000000000 -0500
@@ -7,7 +7,6 @@ typedef semanage_bool_t record_t;
#define DBASE_RECORD_DEFINED
#include <stddef.h>
-#include <semanage/booleans_local.h>
#include "handle.h"
#include "database.h"
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'booleans_kernel.*' --exclude 'database_pserver.*' old/libsemanage/src/policy_components.c new/libsemanage/src/policy_components.c
--- old/libsemanage/src/policy_components.c 2005-11-10 08:42:41.000000000 -0500
+++ new/libsemanage/src/policy_components.c 2005-11-15 19:06:35.000000000 -0500
@@ -1,5 +1,6 @@
/* Copyright (C) 2005 Red Hat, Inc. */
+#include <stdlib.h>
#include "policy.h"
#include "handle.h"
#include "database.h"
@@ -10,6 +11,56 @@
#define MODE_SET 1
#define MODE_MODIFY 2
+static int clear_obsolete(
+ semanage_handle_t* handle,
+ dbase_config_t* src,
+ dbase_config_t* dst) {
+
+ record_key_t* key = NULL;
+ record_t** records = NULL;
+ size_t nrecords = 0;
+ size_t i;
+
+ dbase_table_t* src_dtable = src->dtable;
+ dbase_table_t* dst_dtable = dst->dtable;
+ record_table_t* rtable = src_dtable->get_rtable(src->dbase);
+
+ if (src_dtable->list(handle, src->dbase, &records, &nrecords) < 0)
+ goto err;
+
+ for (i = 0; i < nrecords; i++) {
+ int exists;
+
+ if (rtable->key_extract(handle, records[i], &key) < 0)
+ goto err;
+
+ if (dst_dtable->exists(handle, dst->dbase, key, &exists) < 0)
+ goto err;
+
+ if (!exists) {
+ if (src_dtable->del(handle, src->dbase, key) < 0)
+ goto err;
+
+ /* FIXME: notice to user */
+ /* INFO(handle, "boolean %s is obsolete, unsetting configured value..."); */
+ }
+ }
+
+ for (i=0; i < nrecords; i++)
+ rtable->free(records[i]);
+ free(records);
+ free(key);
+ return STATUS_SUCCESS;
+
+ err:
+ /* FIXME: handle error */
+ for (i=0; i < nrecords; i++)
+ rtable->free(records[i]);
+ free(records);
+ free(key);
+ return STATUS_ERR;
+}
+
typedef struct load_handler_arg {
semanage_handle_t* handle;
dbase_config_t* dconfig;
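Review bot: Inside the `for` loop of clear_obsolete, `rtable->key_extract(handle, records[i], &key)` runs once per record but `key` is released only once after the loop, so every key except the last appears to be leaked, and an early `goto err` releases only the most recent one. Release the key at the end of each iteration with the same call used after the loop and then set `key = NULL;`, so neither exit path frees it twice. The deletion is also silent (the `FIXME: notice to user`): since it drops an administrator's local setting from the store, a log line naming the removed record would help when auditing why a value changed. The trailing `load_handler_arg` lines are unchanged context.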
@@ -65,15 +116,14 @@ typedef struct load_table {
/* This function must be called AFTER all modules are loaded.
* Modules could be represented as a database, in which case
- * they should be loaded first, before the other components. */
+ * they should be loaded at the beginning of this function */
+
int semanage_base_merge_components(
semanage_handle_t* handle) {
int i;
load_table_t components[] = {
- /* FIXME: modules */
-
{ semanage_user_dbase_local(handle),
semanage_user_dbase_policy(handle), MODE_MODIFY },
#if 0
@@ -104,6 +154,11 @@ int semanage_base_merge_components(
if (to->dtable->cache(handle, to->dbase) < 0)
goto err;
+
+ /* Clear obsolete items for MODE_SET */
+ if (components[i].mode == MODE_SET)
+ if (clear_obsolete(handle, from, to) < 0)
+ goto err;
/* Now iterate */
if (from->dtable->iterate(
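Review bot: The added nested `if` pair has no braces, which makes it easy for a later `else` or second statement to bind to the wrong condition; a single test is safer: `if (components[i].mode == MODE_SET && clear_obsolete(handle, from, to) < 0) goto err;`. clear_obsolete also deletes from the `from` database before the iterate step runs, so if the later iterate fails those deletions have already been applied unless the caller discards the transaction; a comment stating which is intended would help. The enclosing loop body starts and ends outside the hunk.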
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'booleans_kernel.*' --exclude 'database_pserver.*' old/libsemanage/src/semanage_store.c new/libsemanage/src/semanage_store.c
--- old/libsemanage/src/semanage_store.c 2005-11-15 08:06:18.000000000 -0500
+++ new/libsemanage/src/semanage_store.c 2005-11-15 19:03:42.000000000 -0500
@@ -1389,10 +1389,8 @@ int semanage_expand_sandbox(semanage_han
dbase_policydb_detach(semanage_iface_dbase_policy(sh)->dbase);
dbase_policydb_detach(semanage_bool_dbase_policy(sh)->dbase);
- if (retval < 0) {
- ERR(sh, "Unable to merge local modifications into policy.");
+ if (retval < 0)
goto cleanup;
- }
if ((kernel_filename = semanage_path(SEMANAGE_TMP, SEMANAGE_KERNEL)) == NULL) {
goto cleanup;
* Re: [ SEMANAGE ] Clear obsoleted objects
From: Stephen Smalley @ 2005-11-16 14:18 UTC (permalink / raw)
To: Ivan Gyurdiev; +Cc: SE Linux
On Tue, 2005-11-15 at 19:18 -0500, Ivan Gyurdiev wrote:
> Get from here:
> Preparing... ###########################################
> [100%]
> 1:selinux-policy-targeted###########################################
> [100%]
> Attempting to install base module '/usr/share/selinux/targeted/base.pp':
> Ok: return value of 0.
> Committing changes:
> libsepol.bool_update: boolean i18n_input_disable_trans no longer in policy
> libsepol.bool_update: could not update boolean i18n_input_disable_trans
> libsepol.sepol_bool_set: could not set boolean i18n_input_disable_trans
> libsemanage.dbase_policydb_set: could not set record value
> libsemanage.dbase_file_iterate: could not iterate over records
> libsemanage.semanage_base_merge_components: could not merge local
> modifications into policy
> libsemanage.semanage_expand_sandbox: Unable to merge local modifications
> into policy.
> Failed!
>
> to here:
>
> Preparing... ###########################################
> [100%]
> 1:selinux-policy-targeted###########################################
> [100%]
> Attempting to install base module '/usr/share/selinux/targeted/base.pp':
> Ok: return value of 0.
> Committing changes:
> Ok: transaction number 0.
>
> I really need to add some functions to the rtable that print out each
> object (in a more sensible format than the one that's written to the
> storage file), so we can report to the user what's being
> obsoleted/changed - note that there's no messages in policy_components.c
> for that reason. The TODO is related to "make libsemanage less verbose".
Thanks, merged as of libsemanage 1.3.55.
--
Stephen Smalley
National Security Agency
* Re: [ SEMANAGE ] Clear obsoleted objects
From: Ivan Gyurdiev @ 2005-11-16 14:31 UTC (permalink / raw)
To: Stephen Smalley; +Cc: SE Linux
>
> Thanks, merged as of libsemanage 1.3.55.
>
I just found a bug ... should be using rtable->key_free(key), not free(key).
* Re: [ SEMANAGE ] Clear obsoleted objects
From: Stephen Smalley @ 2005-11-16 14:39 UTC (permalink / raw)
To: Ivan Gyurdiev; +Cc: SE Linux
On Wed, 2005-11-16 at 09:31 -0500, Ivan Gyurdiev wrote:
> >
> > Thanks, merged as of libsemanage 1.3.55.
> >
> I just found a bug ... should be using rtable->key_free(key), not free(key).
Ok.
Index: libsemanage/src/policy_components.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libsemanage/src/policy_components.c,v
retrieving revision 1.14
diff -u -p -r1.14 policy_components.c
--- libsemanage/src/policy_components.c 16 Nov 2005 13:49:15 -0000 1.14
+++ libsemanage/src/policy_components.c 16 Nov 2005 14:36:06 -0000
@@ -49,7 +49,7 @@ static int clear_obsolete(
for (i=0; i < nrecords; i++)
rtable->free(records[i]);
free(records);
- free(key);
+ rtable->key_free(key);
return STATUS_SUCCESS;
err:
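Review bot: On the changed line, `key` can still be NULL when the record list is empty or when `list` fails before the loop, so `rtable->key_free` is now called with NULL where `free(NULL)` was a guaranteed no-op. Whether key_free tolerates NULL is not visible in this patch; if it does not, guard the call: `if (key) rtable->key_free(key);`. The same applies to the identical replacement on the `err:` path in the next hunk. clear_obsolete starts outside both hunks.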
@@ -57,7 +57,7 @@ static int clear_obsolete(
for (i=0; i < nrecords; i++)
rtable->free(records[i]);
free(records);
- free(key);
+ rtable->key_free(key);
return STATUS_ERR;
}
--
Stephen Smalley
National Security Agency
* Please tell semodule to shut up????
From: Daniel J Walsh @ 2005-11-17 16:04 UTC (permalink / raw)
To: Stephen Smalley; +Cc: SE Linux
[-- Attachment #1: Type: text/plain, Size: 8 bytes --]
--
[-- Attachment #2: policycoreutils-verbose.patch --]
[-- Type: text/x-patch, Size: 13057 bytes --]
--- policycoreutils-1.27.28/audit2allow/audit2allow~ 2005-11-16 22:51:28.000000000 -0500
+++ policycoreutils-1.27.28/audit2allow/audit2allow 2005-11-17 10:26:24.000000000 -0500
@@ -65,6 +65,7 @@
ret=ret+"NAME=%s " % x[2]
ret=ret + " : " + i
return ret
+
def gettarget(self):
if self.source == self.target:
return "self"
@@ -75,12 +76,15 @@
def __init__(self, input, last_reload=0, verbose=0):
self.last_reload=last_reload
self.allowRules={}
- line = input.readline()
- avc=[]
- found=0
self.seclasses={}
self.types=[]
self.roles=[]
+ self.load(input)
+
+ def load(self, input):
+ avc=[]
+ found=0
+ line = input.readline()
while line:
rec=line.split()
for i in rec:
@@ -94,6 +98,7 @@
avc=[]
line = input.readline()
+
def add(self,avc):
scon=""
tcon=""
@@ -172,23 +177,25 @@
if type not in self.types:
self.types.append(type)
- def module_out(self, module):
+ def gen_module(self, module):
+ return "module %s 1.0;" % module
+
+ def gen_requires(self):
self.roles.sort()
self.types.sort()
keys=self.seclasses.keys()
keys.sort()
- rec="module %s 1.0;" % module
- rec+="\n\nrequire {\n"
+ rec="\n\nrequire {\n"
for i in self.roles:
rec += "\trole %s; \n" % i
rec += "\n\n"
for i in keys:
access=self.seclasses[i]
access.sort()
- rec+="\tclass %s { " % i
+ rec += "\tclass %s { " % i
for a in access:
- rec+=" %s" % a
- rec+=" }; \n"
+ rec += " %s" % a
+ rec += " }; \n"
rec += "\n\n"
for i in self.types:
@@ -196,65 +203,135 @@
rec += " };\n\n\n"
return rec
- def out(self, module):
+ def out(self, require=0, module=""):
rec=""
+ if len(self.allowRules.keys())==0:
+ raise(ValueError("No AVC messages found."))
if module!="":
- rec+=self.module_out(module)
+ rec += self.gen_module(module)
+ rec += self.gen_requires()
+ else:
+ if requires:
+ rec+=self.gen_requires()
+
for i in self.allowRules.keys():
rec += self.allowRules[i].out(verbose)+"\n"
return rec
-def usage():
- print 'audit2allow [-d] [-v] [-l] [-i <inputfile> ] [-o <outputfile>]\n\
- -d read input from output of /bin/dmesg\n\
- -v verbose output\n\
- -l read input only after last \"load_policy\"\n\
- -i read input from <inputfile>\n\
- -m module output <modulename>\n\
- -o append output to <outputfile>\n'
- sys.exit(1)
-
-def errorExit(error):
- sys.stderr.write("%s exiting for: " % sys.argv[0])
- sys.stderr.write("%s\n" % error)
- sys.stderr.flush()
- sys.exit(1)
-
-#
-# This script will generate home dir file context
-# based off the homedir_template file, entries in the password file, and
-#
-try:
- last_reload=0
- input=sys.stdin
- output=sys.stdout
- module=""
- verbose=0
- gopts, cmds = getopt.getopt(sys.argv[1:], 'vdo:hli:m:', ['help',
- 'last_reload='])
- for o,a in gopts:
- if o == '--last_reload' or o == "-l":
- last_reload=1
- if o == "-v":
- verbose=1
- if o == "-i":
- input=open(a, "r")
- if o == "-m":
- module=a
- if o == '--help':
- usage()
- if o == "-d":
- input=os.popen("/bin/dmesg", "r")
- if o == "-o":
- output=open(a, "a")
- if len(cmds) != 0:
- usage()
- out=allowRecords(input, last_reload, verbose)
- output.write(out.out(module))
-
-except getopt.error, error:
- errorExit(string.join("Options Error ", error))
-except ValueError, error:
- errorExit(string.join("ValueError ", error))
-except KeyboardInterrupt, error:
- sys.exit(0)
+if __name__ == '__main__':
+
+ def usage():
+ print 'audit2allow [-adhilrv] [-i <inputfile> ] [[-m|-M] <modulename> ] [-o <outputfile>]\n\
+ -a, --all read input from audit and message log, conflicts with -i\n\
+ -d, --dmesg read input from output of /bin/dmesg\n\
+ -h, --help display this message\n\
+ -i, --input read input from <inputfile> conflicts with -a\n\
+ -l, --lastreload read input only after last \"load_policy\"\n\
+ -m, --module generate module/require output <modulename> \n\
+ -M generate loadable module package, conflicts with -o\n\
+ -o, --output append output to <outputfile>, conflicts with -M\n\
+ -r, --requires generate require output \n\
+ -v, --verbose verbose output\n\
+ '
+ sys.exit(1)
+
+ def errorExit(error):
+ sys.stderr.write("%s: " % sys.argv[0])
+ sys.stderr.write("%s\n" % error)
+ sys.stderr.flush()
+ sys.exit(1)
+
+ #
+ #
+ #
+ try:
+ last_reload=0
+ input=sys.stdin
+ output=sys.stdout
+ module=""
+ requires=0
+ verbose=0
+ auditlogs=0
+ buildPP=0
+ input_ind=0
+ output_ind=0
+ gopts, cmds = getopt.getopt(sys.argv[1:],
+ 'adhi:lm:M:o:rv',
+ ['all',
+ 'dmesg',
+ 'help',
+ 'input=',
+ 'lastreload',
+ 'module=',
+ 'output=',
+ 'requires'
+ 'verbose'
+ ])
+ for o,a in gopts:
+ if o == "-a" or o == "--all":
+ if input_ind:
+ usage()
+ input=open("/var/log/messages", "r")
+ auditlogs=1
+ if o == "-d" or o == "--dmesg":
+ input=os.popen("/bin/dmesg", "r")
+ if o == "-h" or o == "--help":
+ usage()
+ if o == "-i"or o == "--input":
+ if auditlogs:
+ usage()
+ input_ind=1
+ input=open(a, "r")
+ if o == '--lastreload' or o == "-l":
+ last_reload=1
+ if o == "-m" or o == "--module":
+ if module != "":
+ usage()
+ module=a
+ if o == "-M":
+ if module != "" or output_ind:
+ usage()
+ module=a
+ outfile=a+".te"
+ buildPP=1
+ output=open(outfile, "w")
+ if o == "-r" or o == "--requires":
+ requires=1
+ if o == "-o" or o == "--output":
+ if module != "":
+ usage()
+ output=open(a, "a")
+ output_ind=1
+ if o == "-v" or o == "--verbose":
+ verbose=1
+ if len(cmds) != 0:
+ usage()
+ out=allowRecords(input, last_reload, verbose)
+ if auditlogs:
+ input=open("/var/log/audit/audit.log", "r")
+ out.load(input)
+ if buildPP:
+ print ("Generating type enforcment file: %s.te" % module)
+ output.write(out.out(requires, module))
+ if buildPP:
+ print ("Compiling policy: checkmodule -M -m -o %s.mod %s.te" % (module, module))
+ rc=commands.getstatusoutput("checkmodule -M -m -o %s.mod %s.te" % (module, module))
+ if rc[0]==0:
+ print ("Building package: semodule_package -o %s.pp -m %s.mod" % (module, module))
+ rc=commands.getstatusoutput("semodule_package -o %s.pp -m %s.mod" % (module, module))
+ if rc[0]==0:
+ print ("\n*************** IMPORTANT ***********************\n")
+ print ("In order to load this newly created policy package,\nyou are required to execute \n\n\"semodule -i %s.pp\"\n\nto load the policy\n" % module)
+ else:
+ errorExit(rc[1])
+ else:
+ errorExit(rc[1])
+
+ except getopt.error, error:
+ errorExit("Options Error " + error.msg)
+ except ValueError, error:
+ errorExit(error.args[0])
+ except IOError, error:
+ errorExit(error.args[1])
+ except KeyboardInterrupt, error:
+ sys.exit(0)
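Review bot: The `-M` branch interpolates the user-supplied module name directly into the strings passed to `commands.getstatusoutput(...)` and into `open(outfile, "w")`, so a name containing shell metacharacters or path separators changes which command runs or which file is truncated, in a tool that is normally run as root. Reject anything but a plain identifier before use, for example `if not re.match("^[A-Za-z0-9_]+$", a): usage()` (assuming `re` is imported; the import block is outside the hunk). Two smaller defects sit in the same hunk. The long-option list has no comma between `'requires'` and `'verbose'`, so Python concatenates them into a single option `requiresverbose`. And `out(self, require=0, module="")` tests `requires` rather than its own parameter `require`, so it only works through the script-level global.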
--- policycoreutils-1.27.28/semodule/semodule.c~ 2005-11-16 15:39:03.000000000 -0500
+++ policycoreutils-1.27.28/semodule/semodule.c 2005-11-17 11:02:35.000000000 -0500
@@ -38,7 +38,7 @@
static int num_commands = 0;
/* options given on command line */
-static int quiet;
+static int verbose;
static int reload;
static int no_reload;
static int build;
@@ -122,7 +122,7 @@
printf(" -s,--store name of the store to operate on\n");
printf(" -n,--noreload do not reload policy after commit\n");
printf(" -h,--help print this message and quit\n");
- printf(" -q,--quiet be quiet\n");
+ printf(" -v,--verbose be verbose\n");
}
/* Sets the global mode variable to new_mode, but only if no other
@@ -157,7 +157,7 @@
{"help", 0, NULL, 'h'},
{"install", required_argument, NULL, 'i'},
{"list-modules", 0, NULL, 'l'},
- {"quiet", 0, NULL, 'q'},
+ {"verbose", 0, NULL, 'v'},
{"remove", required_argument, NULL, 'r'},
{"upgrade", required_argument, NULL, 'u'},
{"reload", 0, NULL, 'R'},
@@ -166,7 +166,7 @@
{NULL, 0, NULL, 0}
};
int i;
- quiet = 0;
+ verbose = 0;
reload = 0;
no_reload = 0;
while ((i = getopt_long(argc, argv, "s:b:hi:lqr:u:RnB", opts, NULL)) != -1) {
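Review bot: The short-option string on the `getopt_long` context line is left as `"s:b:hi:lqr:u:RnB"`, so after this patch `-v` is not a recognised short option, while `-q` is still accepted by the parser but loses its `case` in the next hunk. Only `--verbose` would reach `case 'v'`; the string should become `"s:b:hi:lvr:u:RnB"`. Existing callers that pass `-q` would presumably land in the switch's default branch, which is not visible here, so it is worth deciding whether `-q` stays as an accepted no-op. The resent copy of this patch later in the thread carries the same unchanged line.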
@@ -175,7 +175,7 @@
case 'h': usage(argv[0]); exit(0);
case 'i': set_mode(INSTALL_M, optarg); break;
case 'l': set_mode(LIST_M, NULL); break;
- case 'q': quiet = 1; break;
+ case 'v': verbose = 1; break;
case 'r': set_mode(REMOVE_M, optarg); break;
case 'u': set_mode(UPGRADE_M,optarg); break;
case 's': set_store(optarg); break;
@@ -266,28 +266,28 @@
}
switch (mode) {
case INSTALL_M: {
- if (!quiet) {
+ if (verbose) {
printf("Attempting to install module '%s':\n", mode_arg);
}
result = semanage_module_install(sh, data, data_len);
break;
}
case UPGRADE_M: {
- if (!quiet) {
+ if (verbose) {
printf("Attempting to upgrade module '%s':\n", mode_arg);
}
result = semanage_module_upgrade(sh, data, data_len);
break;
}
case BASE_M: {
- if (!quiet) {
+ if (verbose) {
printf("Attempting to install base module '%s':\n", mode_arg);
}
result = semanage_module_install_base(sh, data, data_len);
break;
}
case REMOVE_M: {
- if (!quiet) {
+ if (verbose) {
printf("Attempting to remove module '%s':\n", mode_arg);
}
result = semanage_module_remove(sh, mode_arg);
@@ -296,7 +296,7 @@
case LIST_M: {
semanage_module_info_t *modinfo;
int num_modules;
- if (!quiet) {
+ if (verbose) {
printf("Attempting to list active modules:\n");
}
if ((result = semanage_module_list(sh, &modinfo, &num_modules)) >= 0) {
@@ -328,13 +328,13 @@
fprintf(stderr, "Failed!\n");
goto cleanup;
}
- else if (!quiet) {
+ else if (verbose) {
printf("Ok: return value of %d.\n", result);
}
}
if (commit) {
- if (!quiet) {
+ if (verbose) {
printf("Committing changes:\n");
}
if (no_reload) {
@@ -347,7 +347,7 @@
fprintf(stderr, "Failed!\n");
goto cleanup;
}
- else if (commit && !quiet) {
+ else if (commit && verbose) {
printf("Ok: transaction number %d.\n", result);
}
--- policycoreutils-1.27.28/scripts/genhomedircon~ 2005-11-16 22:33:25.000000000 -0500
+++ policycoreutils-1.27.28/scripts/genhomedircon 2005-11-16 23:21:23.000000000 -0500
@@ -65,12 +65,7 @@
homedir = homedir.strip()
if not homedir in ret:
ret.append(homedir)
- else:
- #rc[0] == 256 means the file was there, we read it, but the grep didn't match
- if rc[0] != 256:
- sys.stderr.write("%s\n" % rc[1])
- sys.stderr.write("You do not have access to /etc/default/useradd HOME=\n")
- sys.stderr.flush()
+
rc=commands.getstatusoutput("grep -h '^LU_HOMEDIRECTORY' /etc/libuser.conf")
if rc[0] == 0:
homedir = rc[1].split("=")[1]
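Review bot: Dropping the `else` branch makes an unreadable `/etc/default/useradd` indistinguishable from a file with no `HOME=` line, so the function can quietly fall back to `/home` (the `if ret == []` context in the next hunk). If this list drives home-directory labelling, as the script name suggests, a silent wrong answer is worse than noise. Keep the diagnostic for real failures only, through the `warning(...)` helper that the last hunk of this file calls, e.g. `elif rc[0] != 256: warning("%s\nCannot read /etc/default/useradd\n" % rc[1])`. The next hunk makes the same removal for `/etc/libuser.conf`. The enclosing function starts and ends outside the hunk.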
@@ -78,12 +73,7 @@
homedir = homedir.strip()
if not homedir in ret:
ret.append(homedir)
- else:
- #rc[0] == 256 means the file was there, we read it, but the grep didn't match
- if rc[0] != 256:
- sys.stderr.write("%s\n" % rc[1])
- sys.stderr.write("You do not have access to /etc/libuser.conf LU_HOMEDIRECTORY=\n")
- sys.stderr.flush()
+
if ret == []:
ret.append("/home")
return ret
@@ -242,9 +232,8 @@
if rc[0] == 0:
prefix_regex = rc[1].split("\n")
else:
- sys.stderr.write("%s\n" % rc[1])
- sys.stderr.write("You do not have access to grep/cut/the file contexts\n")
- sys.stderr.flush()
+ warning("%s\nYou do not have access to read %s\n" % (rc[1], self.getFileContectFile()))
+
exists=1
for regex in prefix_regex:
#match a trailing (/*)? which is actually a bug in rpc_pipefs
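Review bot: The new call uses `self.getFileContectFile()`, which looks like a misspelled accessor name, and neither that method nor `warning()` is defined in the visible hunks. This line only runs when the grep pipeline fails, so a wrong name would surface as an AttributeError or NameError exactly when the user needs the diagnostic. Please confirm both names against the rest of the file. The enclosing method starts and ends outside the hunk.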
* Re: Please tell semodule to shut up????
From: Daniel J Walsh @ 2005-11-17 16:20 UTC (permalink / raw)
To: Stephen Smalley; +Cc: SE Linux
[-- Attachment #1: Type: text/plain, Size: 19 bytes --]
Wrong patch
--
[-- Attachment #2: policycoreutils-verbose.patch --]
[-- Type: text/x-patch, Size: 4519 bytes --]
--- policycoreutils-1.27.28/semodule/semodule.c~ 2005-11-16 15:39:03.000000000 -0500
+++ policycoreutils-1.27.28/semodule/semodule.c 2005-11-17 11:02:35.000000000 -0500
@@ -38,7 +38,7 @@
static int num_commands = 0;
/* options given on command line */
-static int quiet;
+static int verbose;
static int reload;
static int no_reload;
static int build;
@@ -122,7 +122,7 @@
printf(" -s,--store name of the store to operate on\n");
printf(" -n,--noreload do not reload policy after commit\n");
printf(" -h,--help print this message and quit\n");
- printf(" -q,--quiet be quiet\n");
+ printf(" -v,--verbose be verbose\n");
}
/* Sets the global mode variable to new_mode, but only if no other
@@ -157,7 +157,7 @@
{"help", 0, NULL, 'h'},
{"install", required_argument, NULL, 'i'},
{"list-modules", 0, NULL, 'l'},
- {"quiet", 0, NULL, 'q'},
+ {"verbose", 0, NULL, 'v'},
{"remove", required_argument, NULL, 'r'},
{"upgrade", required_argument, NULL, 'u'},
{"reload", 0, NULL, 'R'},
@@ -166,7 +166,7 @@
{NULL, 0, NULL, 0}
};
int i;
- quiet = 0;
+ verbose = 0;
reload = 0;
no_reload = 0;
while ((i = getopt_long(argc, argv, "s:b:hi:lqr:u:RnB", opts, NULL)) != -1) {
@@ -175,7 +175,7 @@
case 'h': usage(argv[0]); exit(0);
case 'i': set_mode(INSTALL_M, optarg); break;
case 'l': set_mode(LIST_M, NULL); break;
- case 'q': quiet = 1; break;
+ case 'v': verbose = 1; break;
case 'r': set_mode(REMOVE_M, optarg); break;
case 'u': set_mode(UPGRADE_M,optarg); break;
case 's': set_store(optarg); break;
@@ -266,28 +266,28 @@
}
switch (mode) {
case INSTALL_M: {
- if (!quiet) {
+ if (verbose) {
printf("Attempting to install module '%s':\n", mode_arg);
}
result = semanage_module_install(sh, data, data_len);
break;
}
case UPGRADE_M: {
- if (!quiet) {
+ if (verbose) {
printf("Attempting to upgrade module '%s':\n", mode_arg);
}
result = semanage_module_upgrade(sh, data, data_len);
break;
}
case BASE_M: {
- if (!quiet) {
+ if (verbose) {
printf("Attempting to install base module '%s':\n", mode_arg);
}
result = semanage_module_install_base(sh, data, data_len);
break;
}
case REMOVE_M: {
- if (!quiet) {
+ if (verbose) {
printf("Attempting to remove module '%s':\n", mode_arg);
}
result = semanage_module_remove(sh, mode_arg);
@@ -296,7 +296,7 @@
case LIST_M: {
semanage_module_info_t *modinfo;
int num_modules;
- if (!quiet) {
+ if (verbose) {
printf("Attempting to list active modules:\n");
}
if ((result = semanage_module_list(sh, &modinfo, &num_modules)) >= 0) {
@@ -328,13 +328,13 @@
fprintf(stderr, "Failed!\n");
goto cleanup;
}
- else if (!quiet) {
+ else if (verbose) {
printf("Ok: return value of %d.\n", result);
}
}
if (commit) {
- if (!quiet) {
+ if (verbose) {
printf("Committing changes:\n");
}
if (no_reload) {
@@ -347,7 +347,7 @@
fprintf(stderr, "Failed!\n");
goto cleanup;
}
- else if (commit && !quiet) {
+ else if (commit && verbose) {
printf("Ok: transaction number %d.\n", result);
}
* Re: Please tell semodule to shut up????
From: Joshua Brindle @ 2005-11-17 17:09 UTC (permalink / raw)
To: Daniel J Walsh; +Cc: Stephen Smalley, SE Linux
Daniel J Walsh wrote:
<snip>
> - {"quiet", 0, NULL, 'q'},
> + {"verbose", 0, NULL, 'v'},
Why not just run -q in audit2allow, the rpm, etc? I don't understand why
a patch is necessary when the flag for the behavior you want already
exists.