* Remove setrans management from semanage
@ 2009-09-30 18:07 Daniel J Walsh
From: Daniel J Walsh @ 2009-09-30 18:07 UTC (permalink / raw)
To: SE Linux
[-- Attachment #1: Type: text/plain, Size: 174 bytes --]
This will not work correctly with the current mcstrans code base. I believe an admin has to edit this code directly, and it probably should never have been added to semanage.
[-- Attachment #2: setrans.patch --]
[-- Type: text/plain, Size: 6836 bytes --]
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
index 2285489..ffaca5b 100644
--- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage
@@ -44,14 +44,13 @@ if __name__ == '__main__':
text = _("""
semanage [ -S store ] -i [ input_file | - ]
-semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n]
+semanage {boolean|login|user|port|interface|node|fcontext} -{l|D} [-n]
semanage login -{a|d|m} [-sr] login_name | %groupname
semanage user -{a|d|m} [-LrRP] selinux_name
semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
semanage interface -{a|d|m} [-tr] interface_spec
semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
semanage fcontext -{a|d|m} [-frst] file_spec
-semanage translation -{a|d|m} [-T] level
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
semanage permissive -{d|a} type
semanage dontaudit [ on | off ]
@@ -88,8 +87,6 @@ Object-specific Options (see above):
-P, --prefix Prefix for home directory labeling
-L, --level Default SELinux Level (MLS/MCS Systems only)
-R, --roles SELinux Roles (ex: "sysadm_r staff_r")
- -T, --trans SELinux Level Translation (MLS/MCS Systems only)
-
-s, --seuser SELinux User Name
-t, --type SELinux Type for the object
-r, --range MLS/MCS Security Range (MLS/MCS Systems only)
@@ -118,8 +115,6 @@ Object-specific Options (see above):
valid_option["fcontext"] = []
valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
valid_option["dontaudit"] = [ '-S', '--store' ]
- valid_option["translation"] = []
- valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
valid_option["boolean"] = []
valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"]
valid_option["permissive"] = []
@@ -180,7 +175,6 @@ Object-specific Options (see above):
selevel = ""
setype = ""
ftype = ""
- setrans = ""
roles = ""
seuser = ""
prefix = "user"
@@ -203,7 +197,7 @@ Object-specific Options (see above):
args = argv[1:]
gopts, cmds = getopt.getopt(args,
- '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:M:',
+ '01adf:i:lhmnp:s:FCDR:L:r:t:P:S:M:',
['add',
'delete',
'deleteall',
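Review bot: Dropping `T:` from the short-option string in this getopt call is not mirrored in the second getopt call, where the hunk at -457 only removes `'trans='` from the long-option list and the short-option string appears in no hunk. If that string still carries `T:`, `-T` would be parsed there and then ignored while `--trans` raises, so the two calls should be brought into agreement. Separately, `semanage translation ...` and `-T` now presumably land in the generic usage or `getopt.GetoptError` path, which is outside these hunks and worth confirming. Because the description says the admin has to edit the translations directly, an explicit rejection for that object, for example `raise ValueError(_("translation is no longer managed by semanage"))`, would give existing scripts a clear failure instead of a generic usage dump. Both getopt calls start or end outside their hunks.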
@@ -225,7 +219,6 @@ Object-specific Options (see above):
'level=',
'roles=',
'type=',
- 'trans=',
'prefix=',
'mask='
])
@@ -297,9 +290,6 @@ Object-specific Options (see above):
if o == "-t" or o == "--type":
setype = a
- if o == "-T" or o == "--trans":
- setrans = a
-
if o == "--on" or o == "-1":
value = "on"
if o == "--off" or o == "-0":
@@ -326,9 +316,6 @@ Object-specific Options (see above):
if object == "boolean":
OBJECT = seobject.booleanRecords(store)
- if object == "translation":
- OBJECT = seobject.setransRecords()
-
if object == "permissive":
OBJECT = seobject.permissiveRecords(store)
@@ -358,9 +345,6 @@ Object-specific Options (see above):
if object == "login":
OBJECT.add(target, seuser, serange)
- if object == "translation":
- OBJECT.add(target, setrans)
-
if object == "user":
OBJECT.add(target, roles.split(), selevel, serange, prefix)
@@ -387,9 +371,6 @@ Object-specific Options (see above):
if object == "login":
OBJECT.modify(target, seuser, serange)
- if object == "translation":
- OBJECT.modify(target, setrans)
-
if object == "user":
rlist = roles.split()
OBJECT.modify(target, rlist, selevel, serange, prefix)
@@ -457,7 +438,6 @@ Object-specific Options (see above):
'level=',
'roles=',
'type=',
- 'trans=',
'prefix='
])
for o, a in gopts:
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 3272a12..7c94da0 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -195,88 +195,6 @@ def untranslate(trans, prepend = 1):
else:
return raw
-class setransRecords:
- def __init__(self):
- self.filename = selinux.selinux_translations_path()
- try:
- fd = open(self.filename, "r")
- translations = fd.readlines()
- fd.close()
- except IOError, e:
- raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines: %s") % (self.filename, e) )
-
- self.ddict = {}
- self.comments = []
- for r in translations:
- if len(r) == 0:
- continue
- i = r.strip()
- if i == "" or i[0] == "#":
- self.comments.append(r)
- continue
- i = i.split("=")
- if len(i) != 2:
- self.comments.append(r)
- continue
- if self.ddict.has_key(i[0]) == 0:
- self.ddict[i[0]] = i[1]
-
- def get_all(self):
- return self.ddict
-
- def out(self):
- rec = ""
- for c in self.comments:
- rec += c
- keys = self.ddict.keys()
- keys.sort()
- for k in keys:
- rec += "%s=%s\n" % (k, self.ddict[k])
- return rec
-
- def list(self, heading = 1, locallist = 0):
- if heading:
- print "\n%-25s %s\n" % (_("Level"), _("Translation"))
- keys = self.ddict.keys()
- keys.sort()
- for k in keys:
- print "%-25s %s" % (k, self.ddict[k])
-
- def add(self, raw, trans):
- if trans.find(" ") >= 0:
- raise ValueError(_("Translations can not contain spaces '%s' ") % trans)
-
- if validate_level(raw) == None:
- raise ValueError(_("Invalid Level '%s' ") % raw)
-
- if self.ddict.has_key(raw):
- raise ValueError(_("%s already defined in translations") % raw)
- else:
- self.ddict[raw] = trans
- self.save()
-
- def modify(self, raw, trans):
- if trans.find(" ") >= 0:
-
- raise ValueError(_("Translations can not contain spaces '%s' ") % trans)
- if self.ddict.has_key(raw):
- self.ddict[raw] = trans
- else:
- raise ValueError(_("%s not defined in translations") % raw)
- self.save()
-
- def delete(self, raw):
- self.ddict.pop(raw)
- self.save()
-
- def save(self):
- (fd, newfilename) = tempfile.mkstemp('', self.filename)
- os.write(fd, self.out())
- os.close(fd)
- os.chmod(newfilename, os.stat(self.filename)[stat.ST_MODE])
- os.rename(newfilename, self.filename)
- os.system("/sbin/service mcstrans reload > /dev/null")
-
class semanageRecords:
def __init__(self, store):
global handle
* Re: Remove setrans management from semanage
@ 2009-11-10 22:36 ` Chad Sellers
From: Chad Sellers @ 2009-11-10 22:36 UTC (permalink / raw)
To: Daniel J Walsh, SE Linux
On 9/30/09 2:07 PM, "Daniel J Walsh" <dwalsh@redhat.com> wrote:
> This will not work correctly using the current mcstrans code base. I believe
> an admin has to edit this code directly and probably should have never been
> added to semanage.
>
Acked-by: Chad Sellers <csellers@tresys.com>
I'll update the man page as well.
> diff --git a/policycoreutils/semanage/semanage
> b/policycoreutils/semanage/semanage
> index 2285489..ffaca5b 100644
> --- a/policycoreutils/semanage/semanage
> +++ b/policycoreutils/semanage/semanage
> @@ -44,14 +44,13 @@ if __name__ == '__main__':
> text = _("""
> semanage [ -S store ] -i [ input_file | - ]
>
> -semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D}
> [-n]
> +semanage {boolean|login|user|port|interface|node|fcontext} -{l|D} [-n]
> semanage login -{a|d|m} [-sr] login_name | %groupname
> semanage user -{a|d|m} [-LrRP] selinux_name
> semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
> semanage interface -{a|d|m} [-tr] interface_spec
> semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
> semanage fcontext -{a|d|m} [-frst] file_spec
> -semanage translation -{a|d|m} [-T] level
> semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
> semanage permissive -{d|a} type
> semanage dontaudit [ on | off ]
> @@ -88,8 +87,6 @@ Object-specific Options (see above):
> -P, --prefix Prefix for home directory labeling
> -L, --level Default SELinux Level (MLS/MCS Systems only)
> -R, --roles SELinux Roles (ex: "sysadm_r staff_r")
> - -T, --trans SELinux Level Translation (MLS/MCS Systems only)
> -
> -s, --seuser SELinux User Name
> -t, --type SELinux Type for the object
> -r, --range MLS/MCS Security Range (MLS/MCS Systems only)
> @@ -118,8 +115,6 @@ Object-specific Options (see above):
> valid_option["fcontext"] = []
> valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s',
> '--seuser', '-t', '--type', '-r', '--range']
> valid_option["dontaudit"] = [ '-S', '--store' ]
> - valid_option["translation"] = []
> - valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
> valid_option["boolean"] = []
> valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1",
> "-0", "-F", "--file"]
> valid_option["permissive"] = []
> @@ -180,7 +175,6 @@ Object-specific Options (see above):
> selevel = ""
> setype = ""
> ftype = ""
> - setrans = ""
> roles = ""
> seuser = ""
> prefix = "user"
> @@ -203,7 +197,7 @@ Object-specific Options (see above):
> args = argv[1:]
>
> gopts, cmds = getopt.getopt(args,
> - '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:M:',
> + '01adf:i:lhmnp:s:FCDR:L:r:t:P:S:M:',
> ['add',
> 'delete',
> 'deleteall',
> @@ -225,7 +219,6 @@ Object-specific Options (see above):
> 'level=',
> 'roles=',
> 'type=',
> - 'trans=',
> 'prefix=',
> 'mask='
> ])
> @@ -297,9 +290,6 @@ Object-specific Options (see above):
> if o == "-t" or o == "--type":
> setype = a
>
> - if o == "-T" or o == "--trans":
> - setrans = a
> -
> if o == "--on" or o == "-1":
> value = "on"
> if o == "--off" or o == "-0":
> @@ -326,9 +316,6 @@ Object-specific Options (see above):
> if object == "boolean":
> OBJECT = seobject.booleanRecords(store)
>
> - if object == "translation":
> - OBJECT = seobject.setransRecords()
> -
> if object == "permissive":
> OBJECT = seobject.permissiveRecords(store)
>
> @@ -358,9 +345,6 @@ Object-specific Options (see above):
> if object == "login":
> OBJECT.add(target, seuser, serange)
>
> - if object == "translation":
> - OBJECT.add(target, setrans)
> -
> if object == "user":
> OBJECT.add(target, roles.split(), selevel, serange, prefix)
>
> @@ -387,9 +371,6 @@ Object-specific Options (see above):
> if object == "login":
> OBJECT.modify(target, seuser, serange)
>
> - if object == "translation":
> - OBJECT.modify(target, setrans)
> -
> if object == "user":
> rlist = roles.split()
> OBJECT.modify(target, rlist, selevel, serange, prefix)
> @@ -457,7 +438,6 @@ Object-specific Options (see above):
> 'level=',
> 'roles=',
> 'type=',
> - 'trans=',
> 'prefix='
> ])
> for o, a in gopts:
> diff --git a/policycoreutils/semanage/seobject.py
> b/policycoreutils/semanage/seobject.py
> index 3272a12..7c94da0 100644
> --- a/policycoreutils/semanage/seobject.py
> +++ b/policycoreutils/semanage/seobject.py
> @@ -195,88 +195,6 @@ def untranslate(trans, prepend = 1):
> else:
> return raw
>
> -class setransRecords:
> - def __init__(self):
> - self.filename = selinux.selinux_translations_path()
> - try:
> - fd = open(self.filename, "r")
> - translations = fd.readlines()
> - fd.close()
> - except IOError, e:
> - raise ValueError(_("Unable to open %s: translations not supported
> on non-MLS machines: %s") % (self.filename, e) )
> -
> - self.ddict = {}
> - self.comments = []
> - for r in translations:
> - if len(r) == 0:
> - continue
> - i = r.strip()
> - if i == "" or i[0] == "#":
> - self.comments.append(r)
> - continue
> - i = i.split("=")
> - if len(i) != 2:
> - self.comments.append(r)
> - continue
> - if self.ddict.has_key(i[0]) == 0:
> - self.ddict[i[0]] = i[1]
> -
> - def get_all(self):
> - return self.ddict
> -
> - def out(self):
> - rec = ""
> - for c in self.comments:
> - rec += c
> - keys = self.ddict.keys()
> - keys.sort()
> - for k in keys:
> - rec += "%s=%s\n" % (k, self.ddict[k])
> - return rec
> -
> - def list(self, heading = 1, locallist = 0):
> - if heading:
> - print "\n%-25s %s\n" % (_("Level"), _("Translation"))
> - keys = self.ddict.keys()
> - keys.sort()
> - for k in keys:
> - print "%-25s %s" % (k, self.ddict[k])
> -
> - def add(self, raw, trans):
> - if trans.find(" ") >= 0:
> - raise ValueError(_("Translations can not contain spaces '%s' ") %
> trans)
> -
> - if validate_level(raw) == None:
> - raise ValueError(_("Invalid Level '%s' ") % raw)
> -
> - if self.ddict.has_key(raw):
> - raise ValueError(_("%s already defined in translations") % raw)
> - else:
> - self.ddict[raw] = trans
> - self.save()
> -
> - def modify(self, raw, trans):
> - if trans.find(" ") >= 0:
> -
> - raise ValueError(_("Translations can not contain spaces '%s' ") %
> trans)
> - if self.ddict.has_key(raw):
> - self.ddict[raw] = trans
> - else:
> - raise ValueError(_("%s not defined in translations") % raw)
> - self.save()
> -
> - def delete(self, raw):
> - self.ddict.pop(raw)
> - self.save()
> -
> - def save(self):
> - (fd, newfilename) = tempfile.mkstemp('', self.filename)
> - os.write(fd, self.out())
> - os.close(fd)
> - os.chmod(newfilename, os.stat(self.filename)[stat.ST_MODE])
> - os.rename(newfilename, self.filename)
> - os.system("/sbin/service mcstrans reload > /dev/null")
> -
> class semanageRecords:
> def __init__(self, store):
> global handle
>
>