-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5D7OAACgkQrlYvE4MpobPbewCeKVY397bwdjQOTErb5nsg9bss Wt8AnAgZ6IAjQAfM0dUJ6afOeX6+SKZ8 =CFbV -----END PGP SIGNATURE-----
>From f4383d77d6cfe7861007848405144a1bdb1e7ba1 Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@xxxxxxxxxx>
Date: Tue, 19 Jul 2011 11:38:57 -0400
Subject: [PATCH 50/96] policycoreutils: semanage: output all local modifications

Introduce a new -o option which will output all local modifications in a method which can be 're-inputted' on another host.

Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 policycoreutils/semanage/semanage | 17 ++++++++++++++++-
 policycoreutils/semanage/semanage.8 | 23 +++++++++++++++++++++--
 2 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
index 3d1349d..ac15d28 100644
--- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage
@@ -41,6 +41,7 @@ except IOError:
 if __name__ == '__main__':
+ manageditems=[ "boolean", "login", "user", "port", "interface", "node", "fcontext"]
 action = False
 def set_action(option):
 global action
@@ -51,6 +52,7 @@ if __name__ == '__main__':
 def usage(message = ""):
 text = _("""
 semanage [ -S store ] -i [ input_file | - ]
+semanage [ -S store ] -o [ output_file | - ]
 semanage {boolean|login|user|port|interface|node|fcontext} -{l|D} [-n]
 semanage login -{a|d|m|D|E} [-sr] login_name | %groupname
@@ -69,6 +71,7 @@ Primary Options:
 -d, --delete Delete a OBJECT record NAME
 -m, --modify Modify a OBJECT record NAME
 -i, --input Input multiple semange commands in a transaction
+ -o, --output Output current customizations as semange commands
 -l, --list List the OBJECTS
 -E, --extract extract customizable commands
 -C, --locallist List OBJECTS local customizations
@@ -454,6 +457,7 @@ Object-specific Options (see above):
 #
 #
 try:
+ output = None
 input = None
 store = ""
@@ -461,7 +465,7 @@ Object-specific Options (see above):
 usage(_("Requires 2 or more arguments"))
 gopts, cmds = getopt.getopt(sys.argv[1:],
- '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:',
+ '01adf:i:lhmno:p:s:FCDR:L:r:t:T:P:S:',
 ['add',
 'delete',
 'deleteall',
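Review bot: The manageditems list in the -41,6 hunk omits permissive (and dontaudit), yet the commit says -o outputs all local modifications and the man-page synopsis in this same patch still lists `semanage permissive \-{a|d} type`; a file produced by -o would therefore drop locally added permissive domains when re-input on another host, unless permissive has no -E extraction, which this page does not show. Either extend the list or state the limitation next to it, e.g. `# object types exported by -o; permissive and dontaudit state are not included`. The list is also a second copy of the `{boolean|login|user|port|interface|node|fcontext}` set in the usage string, so the two can drift apart; deriving one from the other would avoid that.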
@@ -475,6 +479,7 @@ Object-specific Options (see above):
 'localist',
 'off',
 'on',
+ 'output=',
 'proto=',
 'seuser=',
 'store=',
@@ -489,6 +494,16 @@ Object-specific Options (see above):
 store = a
 if o == "-i" or o == '--input':
 input = a
+ if o == "-o" or o == '--output':
+ output = a
+
+ if output != None:
+ if output != "-":
+ sys.stdout = open(output, 'w')
+ for i in manageditems:
+ print "%s -D" % i
+ process_args([i, "-E"])
+ sys.exit(0)
 if input != None:
 if input == "-":
diff --git a/policycoreutils/semanage/semanage.8 b/policycoreutils/semanage/semanage.8
index ead650e..4429e57 100644
--- a/policycoreutils/semanage/semanage.8
+++ b/policycoreutils/semanage/semanage.8
@@ -3,6 +3,14 @@ semanage \- SELinux Policy Management tool
 .SH "SYNOPSIS"
+Output local customizations
+.br
+.B semanage [ -S store ] -o [ output_file | - ]
+
+Input local customizations
+.br
+.B semanage [ -S store ] -i [ input_file | - ]
+
 .B semanage {boolean|login|user|port|interface|node|fcontext} \-{l|D} [\-n] [\-S store]
 .br
 .B semanage boolean \-{d|m|D} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file
@@ -21,8 +29,6 @@ semanage \- SELinux Policy Management tool
 .br
 .B semanage permissive \-{a|d} type
 .br
-.B semanage -i command-file
-.br
 .B semanage dontaudit [ on | off ]
 .P
@@ -122,6 +128,19 @@ $ semanage port -a -t http_port_t -p tcp 81
 $ semanage permissive -a httpd_t
 # Turn off dontaudit rules
 $ semanage dontaudit off
+
+.B Managing multiple machines
+Multiple machines that need the same customizations.
+Extract customizations off first machine, copy them
+to second and import them.
+
+# semanage -o /tmp/local.selinux
+# scp /tmp/local.selinux secondmachine:/tmp
+# ssh secondmachine
+# semanage -i /tmp/local.selinux
+
+If these customizations include file context, you need to apply the
+context using restorecon.
 .fi
 .SH "AUTHOR"
-- 
1.7.6
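Review bot: In the -489,6 hunk, `sys.stdout = open(output, 'w')` unconditionally truncates whatever path -o names, creates it with the process umask, and is never explicitly closed or flushed before `sys.exit(0)`; an unwritable path raises IOError at that line, and whether the enclosing `try:` from the -454 hunk reports it cleanly cannot be seen in this patch. The emitted stream also begins with `<type> -D` for every entry in manageditems, so re-input with -i first deletes the receiving host's local customizations of each type, including types the source had none of — that consequence belongs in the usage text and man page, e.g. `# the leading -D lines wipe the target's local records before re-adding ours`. Prefer `if output is not None:` and `with open(output, 'w') as out: sys.stdout = out` around the loop so the file is flushed and closed deterministically. The __main__ block these lines belong to starts and ends outside the hunk.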
Attachment:
0050-policycoreutils-semanage-output-all-local-modificati.patch.sig
Description: PGP signature