Redone to match man page and remove reload_policy.
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
index c4c957c..2285489 100644
--- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage
@@ -54,6 +54,7 @@ semanage fcontext -{a|d|m} [-frst] file_spec
 semanage translation -{a|d|m} [-T] level
 semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
 semanage permissive -{d|a} type
+semanage dontaudit [ on | off ]
 Primary Options:
@@ -116,6 +117,7 @@ Object-specific Options (see above):
 valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
 valid_option["fcontext"] = []
 valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
+ valid_option["dontaudit"] = [ '-S', '--store' ]
 valid_option["translation"] = []
 valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
 valid_option["boolean"] = []
@@ -346,6 +348,12 @@ Object-specific Options (see above):
 target = cmds[0]
+
+ if object == "dontaudit":
+ OBJECT = seobject.dontauditClass(store)
+ OBJECT.toggle(target)
+ return
+
 if add:
 if object == "login":
 OBJECT.add(target, seuser, serange)
diff --git a/policycoreutils/semanage/semanage.8 b/policycoreutils/semanage/semanage.8
index d0726cf..d83e94e 100644
--- a/policycoreutils/semanage/semanage.8
+++ b/policycoreutils/semanage/semanage.8
@@ -21,6 +21,8 @@ semanage \- SELinux Policy Management tool
 .br
 .B semanage permissive \-{a|d} type
 .br
+.B semanage dontaudit [ on | off ]
+.br
 .B semanage translation \-{a|d|m} [\-T] level
 .P
@@ -117,6 +119,8 @@ $ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
 $ semanage port -a -t http_port_t -p tcp 81
 # Change apache to a permissive domain
 $ semanage permissive -a httpd_t
+# Turn off dontaudit rules
+$ semanage dontaudit off
 .fi
 .SH "AUTHOR"
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 20bd205..bc329e1 100644
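Review bot: The new `valid_option["dontaudit"]` entry in the second hunk is the only one visible here that is assigned directly and leaves out `valid_everyone`, with nothing saying why. If that is deliberate because the switch applies to the whole store and takes no add/delete/modify flag, a one-line comment would keep the next editor from "fixing" it, for example `# dontaudit is a store-wide switch: only -S/--store applies`. The list of `valid_option` assignments starts and ends outside the hunk, so the contents of `valid_everyone` cannot be checked from here.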
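Review bot: The dontaudit branch in the third hunk relies on `OBJECT.toggle(target)` raising ValueError for anything other than 'on' or 'off', and the handler that turns that into a usage error is not in the hunk; confirm it produces a clean message and a non-zero exit rather than a traceback. The usage text in the first hunk writes `[ on | off ]`, which reads as optional, while the code takes `target = cmds[0]` and requires the word; `{ on | off }` would match the notation of the neighbouring lines such as `-{d|a}`. The branch returns before the `if add:` chain, so a short comment stating that would help, for example `# dontaudit has no add/modify/delete form: 'on' or 'off' is the whole command`. The enclosing function starts and ends outside the hunk.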
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -314,6 +314,17 @@ class semanageRecords:
 self.transaction = False
 self.commit()
+class dontauditClass(semanageRecords):
+ def __init__(self, store):
+ semanageRecords.__init__(self, store)
+
+ def toggle(self, dontaudit):
+ if dontaudit not in [ "on", "off" ]:
+ raise ValueError(_("dontaudit requires either 'on' or 'off'"))
+ self.begin()
+ rc = semanage_set_disable_dontaudit(self.sh, dontaudit == "off")
+ self.commit()
+
 class permissiveRecords(semanageRecords):
 def __init__(self, store):
 semanageRecords.__init__(self, store)
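Review bot: `rc` in `toggle()` is assigned from `semanage_set_disable_dontaudit(...)` and never read, so the method reaches `self.commit()` whatever the call returned. Either check the value before committing or, if the binding returns nothing (which I believe is the case for this libsemanage setter, but verify), drop the assignment: `semanage_set_disable_dontaudit(self.sh, dontaudit == "off")`. The method sets an explicit state rather than flipping one, so it deserves a docstring such as `"""Set dontaudit rules 'on' or 'off' for this store; raise ValueError for any other value."""`. Nothing in the visible lines records the change; since this switch alters which denials reach the audit log, it should be logged like other policy modifications if the sibling record classes do that (not visible in this hunk).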