-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5D7LIACgkQrlYvE4MpobNGFgCeNcJ4o7es0i31TI+4Nl6LG90b WtMAoMXDmTj1Cq1vqesaxO2M49XEPlkY =iwwz -----END PGP SIGNATURE-----
>From b07fd8f53e09eed08add8c6bc4221ffc75364e02 Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@xxxxxxxxxx>
Date: Tue, 19 Jul 2011 11:27:23 -0400
Subject: [PATCH 49/96] policycoreutils: semanage: introduce extraction of local configuration
Add a new option -E which will extract the local configuration changes made for the given record type. This will be used by a further output option to be able to dump local configuration in a form which can be imported later.
Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 policycoreutils/semanage/semanage | 30 ++++++++++----
 policycoreutils/semanage/seobject.py | 71 ++++++++++++++++++++++++++++++++++
 2 files changed, 93 insertions(+), 8 deletions(-)
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
index 51c8b05..3d1349d 100644
--- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage
@@ -53,12 +53,12 @@ if __name__ == '__main__':
 semanage [ -S store ] -i [ input_file | - ]
 semanage {boolean|login|user|port|interface|node|fcontext} -{l|D} [-n]
-semanage login -{a|d|m|D} [-sr] login_name | %groupname
-semanage user -{a|d|m|D} [-LrRP] selinux_name
-semanage port -{a|d|m|D} [-tr] [ -p proto ] port | port_range
-semanage interface -{a|d|m|D} [-tr] interface_spec
-semanage node -{a|d|m|D} [-tr] [ -p protocol ] [-M netmask] addr
-semanage fcontext -{a|d|m|D} [-frst] file_spec
+semanage login -{a|d|m|D|E} [-sr] login_name | %groupname
+semanage user -{a|d|m|D|E} [-LrRP] selinux_name
+semanage port -{a|d|m|D|E} [-tr] [ -p proto ] port | port_range
+semanage interface -{a|d|m|D|E} [-tr] interface_spec
+semanage node -{a|d|m|D|E} [-tr] [ -p protocol ] [-M netmask] addr
+semanage fcontext -{a|d|m|D|E} [-frst] file_spec
 semanage boolean -{d|m|D} [--on|--off|-1|-0] -F boolean | boolean_file
 semanage permissive -{d|a} type
 semanage dontaudit [ on | off ]
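Review bot: The synopsis line for `boolean` is left at `-{d|m|D}` in this hunk, although the same patch adds `booleanRecords.customized()` in seobject.py. The `valid_option["boolean"]` list is outside the hunks shown, so whether `-E` is accepted for booleans is inferred; if it is, the line should read `semanage boolean -{d|m|D|E} [--on|--off|-1|-0] -F boolean | boolean_file`. If it is not, the new boolean method cannot be reached from the command line and that deserves a comment next to it.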
@@ -70,6 +70,7 @@ Primary Options:
 -m, --modify Modify a OBJECT record NAME
 -i, --input Input multiple semange commands in a transaction
 -l, --list List the OBJECTS
+ -E, --extract extract customizable commands
 -C, --locallist List OBJECTS local customizations
 -D, --deleteall Remove all OBJECTS local customizations
@@ -110,7 +111,7 @@ Object-specific Options (see above):
 def get_options():
 valid_option={}
 valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-S', '--store' ]
- valid_local=[ '-C', '--locallist', '-D', '--deleteall']
+ valid_local=[ '-E', '--extract', '-C', '--locallist', '-D', '--deleteall']
 valid_option["login"] = []
 valid_option["login"] += valid_everyone + valid_local + [ '-s', '--seuser', '-r', '--range']
 valid_option["user"] = []
@@ -195,6 +196,7 @@ Object-specific Options (see above):
 modify = False
 delete = False
 deleteall = False
+ extract = False
 list = False
 locallist = False
 use_file = False
@@ -211,10 +213,11 @@ Object-specific Options (see above):
 try:
 gopts, cmds = getopt.getopt(args,
- '01adf:i:lhmnp:s:FCDR:L:r:t:P:S:M:',
+ '01adEf:i:lhmnp:s:FCDR:L:r:t:P:S:M:',
 ['add',
 'delete',
 'deleteall',
+ 'extract',
 'ftype=',
 'file',
 'help',
@@ -255,6 +258,11 @@ Object-specific Options (see above):
 if o == "-D" or o == "--deleteall":
 set_action(o)
 deleteall = True
+
+ if o == "-E" or o == "--extract":
+ set_action(o)
+ extract = True
+
 if o == "-f" or o == "--ftype":
 ftype=a
@@ -350,6 +358,12 @@ Object-specific Options (see above):
 OBJECT.deleteall()
 return
+
+ if extract:
+ for i in OBJECT.customized():
+ print "%s %s" % (object, str(i))
+ return
+
 if len(cmds) != 1:
 raise ValueError(_("bad option"))
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 83f930d..233d0e5 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
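Review bot: In the `@@ -350,6 +358,12 @@` hunk the new `if extract:` branch returns before the `len(cmds) != 1` check that follows it, so any positional argument left in `cmds` after `-E` is dropped without an error (the `deleteall` branch above has the same shape). The output is meant to be captured and imported again, so a mistyped invocation should fail rather than produce a full dump; `if cmds: raise ValueError(_("bad option"))` as the first statement of the branch would do that. The enclosing function starts and ends outside the hunk, so how that ValueError is reported to the user is not visible here.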
@@ -221,6 +221,9 @@ class semanageRecords:
 rc = semanage_begin_transaction(self.sh)
 if rc < 0:
 raise ValueError(_("Could not start semanage transaction"))
+ def customized(self):
+ raise ValueError(_("Not yet implemented"))
+
 def commit(self):
 if semanageRecords.transaction:
 return
@@ -510,6 +513,15 @@ class loginRecords(semanageRecords):
 ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
 return ddict
+ def customized(self):
+ l = []
+ ddict = self.get_all(True)
+ keys = ddict.keys()
+ keys.sort()
+ for k in keys:
+ l.append("-a -s %s -r '%s' %s" % (ddict[k][0], ddict[k][1], k))
+ return l
+
 def list(self,heading = 1, locallist = 0):
 ddict = self.get_all(locallist)
 keys = ddict.keys()
@@ -734,6 +746,15 @@ class seluserRecords(semanageRecords):
 return ddict
+ def customized(self):
+ l = []
+ ddict = self.get_all(True)
+ keys = ddict.keys()
+ keys.sort()
+ for k in keys:
+ l.append("-a -r %s -R '%s' %s" % (ddict[k][2], ddict[k][3], k))
+ return l
+
 def list(self, heading = 1, locallist = 0):
 ddict = self.get_all(locallist)
 keys = ddict.keys()
@@ -977,6 +998,18 @@ class portRecords(semanageRecords):
 ddict[(ctype,proto_str)].append("%d-%d" % (low, high))
 return ddict
+ def customized(self):
+ l = []
+ ddict = self.get_all(True)
+ keys = ddict.keys()
+ keys.sort()
+ for k in keys:
+ if k[0] == k[1]:
+ l.append("-a -t %s -p %s %s" % (ddict[k][0], k[2], k[0]))
+ else:
+ l.append("-a -t %s -p %s %s-%s" % (ddict[k][0], k[2], k[0], k[1]))
+ return l
+
 def list(self, heading = 1, locallist = 0):
 if heading:
 print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
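Review bot: `semanageRecords.customized()` has no docstring, and the base class is the one place where the contract that all the overrides follow could be written down. Every override in this patch returns a list of argument strings, and the caller in `semanage` prints each one as `"%s %s" % (object, str(i))`, so I would add `"""Return a list of semanage argument strings that recreate the local customizations of this record type."""`. A blank line before the `def` would also separate it from the `raise` that ends the previous method, whose start is outside the hunk.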
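Review bot: In `loginRecords.customized()` only the range is quoted (`-r '%s'`); the SELinux user and the login name are interpolated bare, and nothing escapes a quote character inside any of the three values. The commit message says this output is meant to be imported later, so a value containing whitespace or `'` would be split or mis-parsed on import and the restored configuration could differ from the exported one without any error. The same pattern appears in the `customized()` methods of seluserRecords, portRecords, nodeRecords, interfaceRecords, fcontextRecords (where `k[0]` lands in the file_spec position and is the field most likely to carry unusual characters) and booleanRecords. How the import side tokenizes a line is outside this patch, so the escaping has to match it; if it follows shell rules, passing every field through `pipes.quote()` would cover it.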
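Review bot: `portRecords.customized()` indexes each key as `k[0]`, `k[1]`, `k[2]` and each value as `ddict[k][0]`, but nothing in the hunk says what those positions hold. The only dictionary visible in the context lines above it is keyed by the pair `(ctype,proto_str)`. `get_all()` is outside the hunk, so presumably it returns three-element keys; a comment such as `# keys are (low, high, proto); value[0] is the port type`, worded to match what `get_all()` really returns, would make the two format strings checkable by a reader.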
@@ -1192,6 +1225,15 @@ class nodeRecords(semanageRecords):
 return ddict
+ def customized(self):
+ l = []
+ ddict = self.get_all(True)
+ keys = ddict.keys()
+ keys.sort()
+ for k in keys:
+ l.append("-a -M %s -p %s -t %s %s" % (k[1], k[2],ddict[k][2], k[0]))
+ return l
+
 def list(self, heading = 1, locallist = 0):
 if heading:
 print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
@@ -1371,6 +1413,15 @@ class interfaceRecords(semanageRecords):
 return ddict
+ def customized(self):
+ l = []
+ ddict = self.get_all(True)
+ keys = ddict.keys()
+ keys.sort()
+ for k in keys:
+ l.append("-a -t %s %s" % (ddict[k][2], k))
+ return l
+
 def list(self, heading = 1, locallist = 0):
 if heading:
 print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
@@ -1613,6 +1664,16 @@ class fcontextRecords(semanageRecords):
 return ddict
+ def customized(self):
+ l = []
+ fcon_dict = self.get_all(True)
+ keys = fcon_dict.keys()
+ keys.sort()
+ for k in keys:
+ if fcon_dict[k]:
+ l.append("-a -f '%s' -t %s '%s'" % (k[1], fcon_dict[k][2], k[0]))
+ return l
+
 def list(self, heading = 1, locallist = 0 ):
 fcon_dict = self.get_all(locallist)
 keys = fcon_dict.keys()
@@ -1775,6 +1836,16 @@ class booleanRecords(semanageRecords):
 else:
 return _("unknown")
+ def customized(self):
+ l = []
+ ddict = self.get_all(True)
+ keys = ddict.keys()
+ keys.sort()
+ for k in keys:
+ if ddict[k]:
+ l.append("-%s %s" % (ddict[k][2], k))
+ return l
+
 def list(self, heading = True, locallist = False, use_file = False):
 on_off = (_("off"), _("on"))
 if use_file:
--
1.7.6
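Review bot: `fcontextRecords.customized()` skips every key whose value is falsy (`if fcon_dict[k]:`), so those local entries never appear in the extract. `get_all()` is outside the hunk; if a falsy value stands for a rule that assigns no context (an assumption), an export followed by an import would lose that rule, and a later relabel could touch paths the administrator had excluded. Either emit those entries in whatever form the import accepts, or add a comment such as `# entries without a context are not exported` so the omission is a documented choice.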
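Review bot: `booleanRecords.customized()` builds the option itself from data, `"-%s %s" % (ddict[k][2], k)`, and unlike the other record types it emits no action flag. The usage text lists `-1` and `-0`, so presumably `ddict[k][2]` is the 0/1 value, but `get_all()` is outside the hunk and any other value would yield an option the parser does not know. A comment stating the expected values, e.g. `# ddict[k][2] is 0 or 1, giving -0 / -1`, would make this checkable. If the import path requires `-m` for booleans, as the `-{d|m|D}` synopsis suggests, the emitted line needs it as well.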