From: Chad Sellers <csellers@tresys.com>
To: Daniel J Walsh <dwalsh@redhat.com>, SE Linux <selinux@tycho.nsa.gov>
Subject: Re: Remove setrans management from semanage
Date: Tue, 10 Nov 2009 17:36:11 -0500
Message-ID: <C71F550B.AFD50%csellers@tresys.com>
In-Reply-To: <4AC39E75.9030907@redhat.com>

On 9/30/09 2:07 PM, "Daniel J Walsh" <dwalsh@redhat.com> wrote:

> This will not work correctly using the current mcstrans code base.  I believe
> an admin has to edit this code directly and probably should have never been
> added to semanage.
> 
Acked-by: Chad Sellers <csellers@tresys.com>

I'll update the man page as well.

> diff --git a/policycoreutils/semanage/semanage
> b/policycoreutils/semanage/semanage
> index 2285489..ffaca5b 100644
> --- a/policycoreutils/semanage/semanage
> +++ b/policycoreutils/semanage/semanage
> @@ -44,14 +44,13 @@ if __name__ == '__main__':
>                 text = _("""
>  semanage [ -S store ] -i [ input_file | - ]
>  
> -semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D}
> [-n]
> +semanage {boolean|login|user|port|interface|node|fcontext} -{l|D} [-n]
>  semanage login -{a|d|m} [-sr] login_name | %groupname
>  semanage user -{a|d|m} [-LrRP] selinux_name
>  semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
>  semanage interface -{a|d|m} [-tr] interface_spec
>  semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
>  semanage fcontext -{a|d|m} [-frst] file_spec
> -semanage translation -{a|d|m} [-T] level
>  semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
>  semanage permissive -{d|a} type
>  semanage dontaudit [ on | off ]
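Review bot: the usage text in this hunk drops 'translation' from the object list and removes the 'semanage translation -{a|d|m} [-T] level' line without leaving any hint of where translation management went. Since the description says an admin has to edit the translations directly, the semanage man page should say so where the 'translation' entry used to be, so that someone following old documentation is not left with only a usage error.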
> @@ -88,8 +87,6 @@ Object-specific Options (see above):
>      -P, --prefix     Prefix for home directory labeling
>      -L, --level      Default SELinux Level (MLS/MCS Systems only)
>      -R, --roles      SELinux Roles (ex: "sysadm_r staff_r")
> -    -T, --trans      SELinux Level Translation (MLS/MCS Systems only)
> -
>      -s, --seuser     SELinux User Name
>      -t, --type       SELinux Type for the object
>      -r, --range      MLS/MCS Security Range (MLS/MCS Systems only)
> @@ -118,8 +115,6 @@ Object-specific Options (see above):
>          valid_option["fcontext"] = []
>          valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s',
> '--seuser',  '-t', '--type', '-r', '--range']
>          valid_option["dontaudit"] = [ '-S', '--store' ]
> -        valid_option["translation"] = []
> -        valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
>          valid_option["boolean"] = []
>          valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1",
> "-0", "-F", "--file"]
>          valid_option["permissive"] = []
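Review bot: with valid_option["translation"] removed in this hunk, an existing script that still runs 'semanage translation ...' now depends on how a missing key in valid_option is handled, and that lookup is not part of the patch. Please confirm the path ends in the normal usage error rather than a Python traceback, and add an explicit check on the object name if it does not.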
> @@ -180,7 +175,6 @@ Object-specific Options (see above):
>          selevel = ""
>          setype = ""
>          ftype = ""
> -        setrans = ""
>          roles = ""
>          seuser = ""
>          prefix = "user"
> @@ -203,7 +197,7 @@ Object-specific Options (see above):
>          args = argv[1:]
>  
>          gopts, cmds = getopt.getopt(args,
> -                        '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:M:',
> +                        '01adf:i:lhmnp:s:FCDR:L:r:t:P:S:M:',
>                          ['add',
>                           'delete',
>                           'deleteall',
> @@ -225,7 +219,6 @@ Object-specific Options (see above):
>                           'level=',
>                           'roles=',
>                           'type=',
> -                         'trans=',
>                           'prefix=',
>                                               'mask='
>                           ])
> @@ -297,9 +290,6 @@ Object-specific Options (see above):
>              if o == "-t" or o == "--type":
>                  setype = a
>  
> -            if o == "-T" or o == "--trans":
> -                setrans = a
> -
>                          if o == "--on" or o == "-1":
>                                 value = "on"
>                          if o == "--off" or o == "-0":
> @@ -326,9 +316,6 @@ Object-specific Options (see above):
>          if object == "boolean":
>              OBJECT = seobject.booleanRecords(store)
>          
> -        if object == "translation":
> -            OBJECT = seobject.setransRecords()
> -        
>          if object == "permissive":
>              OBJECT = seobject.permissiveRecords(store)
>          
> @@ -358,9 +345,6 @@ Object-specific Options (see above):
>              if object == "login":
>                  OBJECT.add(target, seuser, serange)
>  
> -            if object == "translation":
> -                OBJECT.add(target, setrans)
> -
>              if object == "user":
>                  OBJECT.add(target, roles.split(), selevel, serange, prefix)
>  
> @@ -387,9 +371,6 @@ Object-specific Options (see above):
>              if object == "login":
>                  OBJECT.modify(target, seuser, serange)
>  
> -            if object == "translation":
> -                OBJECT.modify(target, setrans)
> -
>              if object == "user":
>                  rlist = roles.split()
>                  OBJECT.modify(target, rlist, selevel, serange, prefix)
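Review bot: the 'translation' branches are removed for add (previous hunk) and modify (this hunk), but no hunk touches a delete or list path for that object. If those go through a generic call on OBJECT that is fine; otherwise a translation-specific branch is left behind and would now refer to an OBJECT that is never created, since the 'OBJECT = seobject.setransRecords()' assignment is gone.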
> @@ -457,7 +438,6 @@ Object-specific Options (see above):
>                                              'level=',
>                                              'roles=',
>                                              'type=',
> -                                            'trans=',
>                                              'prefix='
>                                              ])
>                 for o, a in gopts:
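Review bot: this second getopt call loses 'trans=' from its long-option list, but the hunk does not show the short-option string that goes with it. The first call had 'T:' removed from '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:M:'; if this call carries its own copy of that string, 'T:' needs to be removed there as well, otherwise -T is still accepted by the parser on this path while --trans is rejected.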
> diff --git a/policycoreutils/semanage/seobject.py
> b/policycoreutils/semanage/seobject.py
> index 3272a12..7c94da0 100644
> --- a/policycoreutils/semanage/seobject.py
> +++ b/policycoreutils/semanage/seobject.py
> @@ -195,88 +195,6 @@ def untranslate(trans, prepend = 1):
>      else:
>          return raw
>      
> -class setransRecords:
> -    def __init__(self):
> -        self.filename = selinux.selinux_translations_path()
> -        try:
> -            fd = open(self.filename, "r")
> -            translations = fd.readlines()
> -            fd.close()
> -        except IOError, e:
> -            raise ValueError(_("Unable to open %s: translations not supported
> on non-MLS machines: %s") % (self.filename, e) )
> -            
> -        self.ddict = {}
> -        self.comments = []
> -        for r in translations:
> -            if len(r) == 0:
> -                continue
> -            i = r.strip()
> -            if i == "" or i[0] == "#":
> -                self.comments.append(r)
> -                continue
> -            i = i.split("=")
> -            if len(i) != 2:
> -                self.comments.append(r)
> -                continue
> -                        if self.ddict.has_key(i[0]) == 0:
> -                               self.ddict[i[0]] = i[1]
> -
> -    def get_all(self):
> -        return self.ddict
> -
> -    def out(self):
> -        rec = ""
> -        for c in self.comments:
> -            rec += c
> -        keys = self.ddict.keys()
> -        keys.sort()
> -        for k in keys:
> -            rec += "%s=%s\n" %  (k, self.ddict[k])
> -        return rec
> -    
> -    def list(self, heading = 1, locallist = 0):
> -        if heading:
> -            print "\n%-25s %s\n" % (_("Level"), _("Translation"))
> -        keys = self.ddict.keys()
> -        keys.sort()
> -        for k in keys:
> -            print "%-25s %s" % (k, self.ddict[k])
> -        
> -    def add(self, raw, trans):
> -        if trans.find(" ") >= 0:
> -            raise ValueError(_("Translations can not contain spaces '%s' ") %
> trans)
> -
> -        if validate_level(raw) == None:
> -            raise ValueError(_("Invalid Level '%s' ") % raw)
> -        
> -        if self.ddict.has_key(raw):
> -            raise ValueError(_("%s already defined in translations") % raw)
> -        else:
> -            self.ddict[raw] = trans
> -        self.save()
> -    
> -    def modify(self, raw, trans):
> -        if trans.find(" ") >= 0:
> -
> -            raise ValueError(_("Translations can not contain spaces '%s' ") %
> trans)
> -        if self.ddict.has_key(raw):
> -            self.ddict[raw] = trans
> -        else:
> -            raise ValueError(_("%s not defined in translations") % raw)
> -        self.save()
> -        
> -    def delete(self, raw):
> -        self.ddict.pop(raw)
> -        self.save()
> -
> -    def save(self):
> -        (fd, newfilename) = tempfile.mkstemp('', self.filename)
> -        os.write(fd, self.out())
> -        os.close(fd)
> -        os.chmod(newfilename, os.stat(self.filename)[stat.ST_MODE])
> -        os.rename(newfilename, self.filename)
> -                os.system("/sbin/service mcstrans reload > /dev/null")
> -
>  class semanageRecords:
>      def __init__(self, store):
>                 global handle
> 
> 
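Review bot: removing save() at the end of setransRecords takes out calls to tempfile.mkstemp and stat.ST_MODE, so check whether 'tempfile' and 'stat' are still used anywhere else in seobject.py and drop the imports in this patch if they are not. The class also disappears from the module without a stub, so any caller of seobject.setransRecords outside the semanage script will fail on attribute lookup; a search of the tree for 'setransRecords' before merging would settle that.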


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
