On Mar 11, 2009, at 3:49 PM, Daniel J Walsh wrote:
Joe Nall wrote:
On Mar 11, 2009, at 2:35 PM, Daniel J Walsh wrote:
On 03/11/2009 12:15 PM, Joe Nall wrote:
I need to add login mappings in Python firstboot modules during system configuration. In my first module a simple:
seobject.loginRecords().add(username, "siterep_u", "SystemLow-SystemHigh")
works. In subsequent modules, I get an exception:
libsemanage.enter_rw: this operation requires a transaction
libsemanage.enter_rw: could not enter read-write section
Traceback (most recent call last):
  File "./t", line 6, in <module>
    seobject.loginRecords().add("test3", "sysadm_u", "SystemLow-SystemHigh")
  File "/usr/lib64/python2.5/site-packages/seobject.py", line 442, in add
    raise error
ValueError: Could not add login mapping for test3
What is the right way to do this?
joe
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
Probably an MLS issue. firstboot is running in a context that is not allowed to lock/manage selinux.
I'm installing in permissive and switching to enforcing after firstboot. You are correct that firstboot_t doesn't have the policy for all the stuff I'm trying to do yet.
You probably should exec semanage rather than calling seobject so you could do a transition and not have to give a huge app like first boot the ability to manage security policy.
That is what is installing right now. I would still like an explanation/code snippet of correct usage for future use
joe
This works on F10 Targeted policy
# python -c 'import seobject; seobject.loginRecords().add("pwalsh", "staff_u", "s0")'
# python -c 'import seobject; seobject.loginRecords().delete("pwalsh")'
Could it be a translation problem?
I don't think so, mcstrans is installed and running at this point in the install. Try this, sometimes it works, sometimes it fails with:
[joe@fast firstboot]$ sudo ./t
libsemanage.enter_rw: this operation requires a transaction
libsemanage.enter_rw: could not enter read-write section
Traceback (most recent call last):
  File "./t", line 7, in <module>
    seobject.loginRecords().delete("pwalsh")
  File "/usr/lib64/python2.5/site-packages/seobject.py", line 526, in delete
    raise error
ValueError: Could not delete login mapping for pwalsh
------------
#!/usr/bin/python
import seobject
seobject.loginRecords().add("pwalsh", "staff_u", "s0")
seobject.loginRecords().delete("pwalsh")
seobject.loginRecords().add("pwalsh", "staff_u", "s0")
seobject.loginRecords().delete("pwalsh")
joe
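
Added example (not from the thread or from the SELinux project): one way to exec semanage for a login mapping, as suggested above, instead of calling seobject inside the installer process. It is written for Python 3 rather than the Python 2.5 in the thread; the /usr/sbin/semanage path, the validation patterns and the function names are assumptions of this example.

```python
import re
import subprocess

SEMANAGE = "/usr/sbin/semanage"  # assumed path; absolute so $PATH is never consulted

# Conservative allow-lists (this example's assumption, not SELinux's grammar).
# None of them admits a leading "-", so a value can never be parsed as an option.
LOGIN_RE = re.compile(r"^%?[A-Za-z_][A-Za-z0-9_.-]*$")
SEUSER_RE = re.compile(r"^[a-z_][a-z0-9_]*$")
RANGE_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9:.,_-]*$")
FLAGS = {"add": "-a", "modify": "-m", "delete": "-d"}


def build_cmd(action, login, seuser=None, mls_range=None):
    """Return the argv for `semanage login`, rejecting unexpected input."""
    if not LOGIN_RE.match(login):
        raise ValueError("bad login name: %r" % login)
    cmd = [SEMANAGE, "login", FLAGS[action]]
    if action != "delete":
        if not SEUSER_RE.match(seuser or "") or not RANGE_RE.match(mls_range or ""):
            raise ValueError("bad SELinux user or MLS range")
        cmd += ["-s", seuser, "-r", mls_range]
    return cmd + [login]


def existing_logins(run=subprocess.run):
    """Login names already mapped, from `semanage login -l -n` (no heading)."""
    out = run([SEMANAGE, "login", "-l", "-n"], check=True,
              capture_output=True, text=True).stdout
    return {line.split()[0] for line in out.splitlines() if line.strip()}


def ensure_login_mapping(login, seuser, mls_range, run=subprocess.run):
    """Add the mapping, or modify it if the login is already mapped."""
    action = "modify" if login in existing_logins(run) else "add"
    cmd = build_cmd(action, login, seuser, mls_range)
    # Each call is a separate semanage process, so no libsemanage state is held
    # inside the caller; check=True raises CalledProcessError on a non-zero exit.
    run(cmd, check=True)
    return cmd


if __name__ == "__main__":
    print(ensure_login_mapping("test3", "sysadm_u", "SystemLow-SystemHigh"))
```

Whether the exec results in a domain transition depends on the loaded policy; the calling domain still needs permission to execute semanage.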