From: Daniel J Walsh <dwalsh@redhat.com>
To: SE Linux <selinux@tycho.nsa.gov>
Subject: semanage Equal.patch
Date: Wed, 30 Sep 2009 15:47:07 -0400 [thread overview]
Message-ID: <4AC3B5BB.1090708@redhat.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 63 bytes --]
This is a patch that provides the fcontext equial to semanage.
[-- Attachment #2: equal.patch --]
[-- Type: text/plain, Size: 6004 bytes --]
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
index 128ab47..e974d33 100644
--- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage
@@ -84,6 +84,7 @@ Object-specific Options (see above):
-F, --file Treat target as an input file for command, change multiple settings
-p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
+ -e, --equal Make target equal to this paths labeling
-M, --mask Netmask
-P, --prefix Prefix for home directory labeling
-L, --level Default SELinux Level (MLS/MCS Systems only)
@@ -193,6 +194,7 @@ Object-specific Options (see above):
locallist = False
use_file = False
store = ""
+ equal=""
enable = False
disable = False
@@ -208,6 +210,7 @@ Object-specific Options (see above):
['add',
'delete',
'deleteall',
+ 'equal=',
'ftype=',
'file',
'help',
@@ -248,6 +251,9 @@ Object-specific Options (see above):
raise ValueError(_("%s bad option") % o)
deleteall = True
+ if o == "-e" or o == "--equal":
+ equal = a
+
if o == "--enable":
if disable:
raise ValueError(_("You can't disable and enable at the same time"))
@@ -384,7 +390,11 @@ Object-specific Options (see above):
OBJECT.add(target, mask, proto, serange, setype)
if object == "fcontext":
- OBJECT.add(target, setype, ftype, serange, seuser)
+ if equal == "":
+ OBJECT.add(target, setype, ftype, serange, seuser)
+ else:
+ OBJECT.add_equal(target, equal)
+
if object == "permissive":
OBJECT.add(target)
@@ -419,7 +429,10 @@ Object-specific Options (see above):
OBJECT.modify(target, mask, proto, serange, setype)
if object == "fcontext":
- OBJECT.modify(target, setype, ftype, serange, seuser)
+ if equal == "":
+ OBJECT.modify(target, setype, ftype, serange, seuser)
+ else:
+ OBJECT.modify_equal(target, equal)
return
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 4d36660..d702f2f 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -1409,6 +1409,48 @@ class interfaceRecords(semanageRecords):
class fcontextRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
+ self.equiv = {}
+ self.equal_ind = False
+ try:
+ fd = open(selinux.selinux_file_context_subs_path(), "r")
+ for i in fd.readlines():
+ src, dst = i.split()
+ self.equiv[src] = dst
+ fd.close()
+ except IOError:
+ pass
+
+ def commit(self):
+ if self.equal_ind:
+ subs_file = selinux.selinux_file_context_subs_path()
+ tmpfile = "%s.tmp" % subs_file
+ fd = open(tmpfile, "w")
+ for src in self.equiv.keys():
+ fd.write("%s %s\n" % (src, self.equiv[src]))
+ fd.close()
+ try:
+ os.chmod(tmpfile, os.stat(subs_file)[stat.ST_MODE])
+ except:
+ pass
+ os.rename(tmpfile,subs_file)
+ self.equal_ind = False
+ semanageRecords.commit(self)
+
+ def add_equal(self, src, dst):
+ self.begin()
+ if src in self.equiv.keys():
+ raise ValueError(_("Equivalence class for %s already exists") % src)
+ self.equiv[src] = dst
+ self.equal_ind = True
+ self.commit()
+
+ def modify_equal(self, src, dst):
+ self.begin()
+ if src not in self.equiv.keys():
+ raise ValueError(_("Equivalence class for %s does not exists") % src)
+ self.equiv[src] = dst
+ self.equal_ind = True
+ self.commit()
def createcon(self, target, seuser = "system_u"):
(rc, con) = semanage_context_create(self.sh)
@@ -1575,9 +1617,16 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k)
+ self.equiv = {}
+ self.equal_ind = True
self.commit()
def __delete(self, target, ftype):
+ if target in self.equiv.keys():
+ self.equiv.pop(target)
+ self.equal_ind = True
+ return
+
(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
if rc < 0:
raise ValueError(_("Could not create a key for %s") % target)
@@ -1633,11 +1682,12 @@ class fcontextRecords(semanageRecords):
return ddict
def list(self, heading = 1, locallist = 0 ):
- if heading:
- print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context"))
fcon_dict = self.get_all(locallist)
keys = fcon_dict.keys()
keys.sort()
+ if len(keys) > 0 and heading:
+ print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context"))
+
for k in keys:
if fcon_dict[k]:
if is_mls_enabled:
reply other threads:[~2009-09-30 19:47 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AC3B5BB.1090708@redhat.com \
--to=dwalsh@redhat.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.