Signed-off-by: Leonidas Da Silva Barbosa <leosilva@xxxxxxxxxxxxxxxxxx>
---
policycoreutils/sepolicy/sepolicy.py | 52 ++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
index 74fb347..abc6341 100755
--- a/policycoreutils/sepolicy/sepolicy.py
+++ b/policycoreutils/sepolicy/sepolicy.py
@@ -620,6 +620,57 @@ def gen_generate_args(parser):
 help=_("executable to confine"))
 pol.set_defaults(func=generate)

+
+def admin(args):
+ from sepolicy import seadmin
+
+ if args.add and args.adminrole and args.login:
+ seisolate.create_user(args.adminrole, args.login, args.user)
+ seisolate.link(args.adminrole, args.login, args.commands)
+ elif args.add and not args.adminrole or args.login:
+ print("Role and LOGIN must be specified")
+ sys.exit(1)
+
+ if args.modify and args.adminrole and args.user:
+ seisolate.modify(args.user, args.adminrole)
+ elif args.modify and not args.adminrole or not args.user:
+ print("A user and a role must be specified")
+ sys.exit(1)
+
+ if args.delete and args.user and args.login:
+ seisolate.delete(args.user, args.login)
+ elif args.delete and not args.user or not args.login:
+ print("An user and a LOGIN must the specified")
+ sys.exit(1)
+
+
+def gen_admin_args(parser):
+ admin = parser.add_parser("admin",
+ help=_("Create a link between LOGIN and admin user"))
+ admin.add_argument("-a", "--add", dest="add",
+ action="store_true", default=False,
+ help=_("Add a new admin user"))
+ admin.add_argument("-u", "--user", dest="user",
+ action="store",
+ help=_("Receive an admin user if passed"))
+ admin.add_argument("-r", "--role", dest="adminrole",
+ action=CheckRole,
+ help=_("Receive an admin role name"))
+ admin.add_argument("-l", "--login", dest="login",
+ action="store",
+ help=_("Receive a LOGIN to create the admin user"))
+ admin.add_argument("-m", "--modify", dest="modify",
+ action="store_true", default=False,
+ help=_("Modify a given admin user"))
+ admin.add_argument("-d", "--delete", dest="delete",
+ action="store_true", default=False,
+ help=_("Delete a given admin user and a LOGIN"))
+ admin.add_argument("-e", "--extend", dest="commands",
+ actions="store", default="ALL",
+ help=_("Receive commands to set in sudoers file"))
+ admin.set_defaults(func=admin)
+
+
 if __name__ == '__main__':
 parser =
argparse.ArgumentParser(description='SELinux Policy Inspection Tool')
 subparsers = parser.add_subparsers(help=_("commands"))
@@ -634,6 +685,7 @@ if __name__ == '__main__':
 gen_manpage_args(subparsers)
 gen_network_args(subparsers)
 gen_transition_args(subparsers)
+ gen_admin_args(subparsers)

 try:
 if os.path.basename(sys.argv[0]) == "sepolgen":
-- 1.8.3.1
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
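Review bot: The three `elif` guards in `admin()` parse as `(flag and not A) or B` because `and` binds tighter than `or`, so they fire on the wrong inputs: `elif args.add and not args.adminrole or args.login` is true for any call carrying `--login` that skipped the add branch, so a delete on its own exits before reaching `seisolate.delete`, and the modify and delete guards exit with status 1 after a completed add or modify whenever `--user` or `--login` is absent. For a command that creates admin users and sudoers links, every requested action should be validated before any state is changed, as in the fence below. In `gen_admin_args()`, `actions="store"` is not an `add_argument` keyword (it should be `action=`), and the local `admin` parser shadows the `admin()` handler, so `set_defaults(func=admin)` registers the parser object rather than the function. The import names `seadmin` while the body calls `seisolate`, which is not bound anywhere in the visible lines. The `--extend` default of `"ALL"` means an add without `-e` hands an unrestricted command list to `seisolate.link`; requiring the option explicitly on `--add` would be the safer default.

```python
def admin(args):
    # … unchanged: import line (module name must match the seisolate.* calls) …
    if args.add and not (args.adminrole and args.login):
        print("Role and LOGIN must be specified")
        sys.exit(1)
    if args.modify and not (args.adminrole and args.user):
        print("A user and a role must be specified")
        sys.exit(1)
    if args.delete and not (args.user and args.login):
        print("A user and a LOGIN must be specified")
        sys.exit(1)

    # Every requested action is validated; only now touch users and sudoers.
    if args.add:
        seisolate.create_user(args.adminrole, args.login, args.user)
        seisolate.link(args.adminrole, args.login, args.commands)
    if args.modify:
        seisolate.modify(args.user, args.adminrole)
    if args.delete:
        seisolate.delete(args.user, args.login)


def gen_admin_args(parser):
    admin_parser = parser.add_parser("admin",
    # … unchanged: help text and the -a/-u/-r/-l/-m/-d options, registered on admin_parser …
    admin_parser.add_argument("-e", "--extend", dest="commands",
                              action="store", default="ALL",
    # … unchanged: help text …
    admin_parser.set_defaults(func=admin)
```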