-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/I+lsACgkQrlYvE4MpobPw/gCfTNHzh7nlpU+ViZ1FH6gl2OOT 04cAoM5H3IBidzAvZ2kqPJDGhct+LPBe =gc9I -----END PGP SIGNATURE-----
>From 7436bec651cab965c7043057cfcb54781836ddbc Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Tue, 8 May 2012 08:37:45 -0400
Subject: [PATCH 58/90] Add -N, --noreload option to semanage to prevent reloading policy into i the kernel.
---
 policycoreutils/semanage/semanage | 46 ++++++++++++++++++++--------------
 policycoreutils/semanage/seobject.py | 6 ++++-
 2 files changed, 32 insertions(+), 20 deletions(-)
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
index e099c21..628a686 100644
--- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage
@@ -53,16 +53,16 @@ if __name__ == '__main__':
 semanage [ -S store ] -i [ input_file | - ]
 semanage [ -S store ] -o [ output_file | - ]
-semanage login -{a|d|m|l|D|E} [-nsr] login_name | %groupname
-semanage user -{a|d|m|l|D|E} [-LnrRP] selinux_name
-semanage port -{a|d|m|l|D|E} [-ntr] [ -p proto ] port | port_range
-semanage interface -{a|d|m|l|D|E} [-ntr] interface_spec
-semanage module -{a|d|m} [--enable|--disable] module
-semanage node -{a|d|m|l|D|E} [-ntr] [ -p protocol ] [-M netmask] addr
-semanage fcontext -{a|d|m|l|D|E} [-efnrst] file_spec
-semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
-semanage permissive -{d|a|l} [-n] type
-semanage dontaudit [ on | off ]
+semanage login -{a|d|m|l|D|E} [-Nnsr] login_name | %groupname
+semanage user -{a|d|m|l|D|E} [-LNnrRP] selinux_name
+semanage port -{a|d|m|l|D|E} [-Nntr] [ -p proto ] port | port_range
+semanage interface -{a|d|m|l|D|E} [-Nntr] interface_spec
+semanage module -{a|d|m} [--enable|--disable] [-N] module
+semanage node -{a|d|m|l|D|E} [-Nntr] [ -p protocol ] [-M netmask] addr
+semanage fcontext -{a|d|m|l|D|E} [-Nefnrst] file_spec
+semanage boolean -{d|m} [--on|--off|-1|-0] [-N] -F boolean | boolean_file
+semanage permissive -{d|a|l} [-Nn] type
+semanage dontaudit [ on | off ] [-N]
 Primary Options:
@@ -95,6 +95,7 @@ Object-specific Options (see above):
 -F, --file Treat target as an input file for command, change multiple settings
 -p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
 -M, --mask Netmask
+ -N, --noreload Do not reload policy into the kernel
 -e, --equal Substitue source path for dest path when labeling
 -P, --prefix Prefix for home directory labeling
 -L, --level Default SELinux Level (MLS/MCS Systems only)
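Review bot: The new help line `-N, --noreload Do not reload policy into the kernel` tells the administrator what is skipped but not the consequence: the change is written to the policy store and the command still finishes as if committed, while the running kernel keeps enforcing the old policy until something else loads it, so a removed permissive domain or a tightened port or file label is not in effect on the live system. Since this is the one place an operator reads before using the flag, I would state that in the help text, e.g. `-N, --noreload     Do not reload policy into the kernel (change is stored but not enforced until the next policy load)`. The usage string this line belongs to starts before the hunk.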
@@ -120,22 +121,22 @@ Object-specific Options (see above):
 valid_option["login"] = []
 valid_option["login"] += valid_everyone + valid_local + [ '-s', '--seuser', '-r', '--range']
 valid_option["user"] = []
- valid_option["user"] += valid_everyone + valid_local + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ]
+ valid_option["user"] += valid_everyone + valid_local + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix', '-N', '--noreload' ]
 valid_option["port"] = []
- valid_option["port"] += valid_everyone + valid_local + [ '-t', '--type', '-r', '--range', '-p', '--proto' ]
+ valid_option["port"] += valid_everyone + valid_local + [ '-t', '--type', '-r', '--range', '-p', '--proto' , '-N', '--noreload' ]
 valid_option["interface"] = []
- valid_option["interface"] += valid_everyone + valid_local + [ '-t', '--type', '-r', '--range']
+ valid_option["interface"] += valid_everyone + valid_local + [ '-t', '--type', '-r', '--range', '-N', '--noreload' ]
 valid_option["node"] = []
- valid_option["node"] += valid_everyone + valid_local + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
+ valid_option["node"] += valid_everyone + valid_local + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol', '-N', '--noreload' ]
 valid_option["module"] = []
- valid_option["module"] += valid_everyone + [ '--enable', '--disable']
+ valid_option["module"] += valid_everyone + [ '--enable', '--disable', '-N', '--noreload' ]
 valid_option["fcontext"] = []
- valid_option["fcontext"] += valid_everyone + valid_local + [ '-e', '--equal', '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
+ valid_option["fcontext"] += valid_everyone + valid_local + [ '-e', '--equal', '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range', '-N', '--noreload' ]
 valid_option["dontaudit"] = [ '-S', '--store' ]
 valid_option["boolean"] = []
- valid_option["boolean"] += valid_everyone + valid_local + [ '--on', "--off", 
"-1", "-0", "-F", "--file"] + valid_option["boolean"] += valid_everyone + valid_local + [ '--on', "--off", "-1", "-0", "-F", "--file", '-N', '--noreload' ] valid_option["permissive"] = [] - valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ] + valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' , '-N', '--noreload' ] return valid_option def mkargv(line): @@ -198,6 +199,7 @@ Object-specific Options (see above): seuser = "" prefix = "user" heading = True + reload = True value = None add = False modify = False @@ -223,7 +225,7 @@ Object-specific Options (see above): try: gopts, cmds = getopt.getopt(args, - '01adEe:f:i:lhmnp:s:FCDR:L:r:t:P:S:M:', + '01adEe:f:i:lhmNnp:s:FCDR:L:r:t:P:S:M:', ['add', 'delete', 'deleteall', @@ -238,6 +240,7 @@ Object-specific Options (see above): 'list', 'modify', 'noheading', + 'noreload', 'localist', 'off', 'on', @@ -298,6 +301,9 @@ Object-specific Options (see above): if o == "-n" or o == "--noheading": heading = False + if o == "-N" or o == "--noreload": + reload = False + if o == "-C" or o == "--locallist": locallist = True @@ -379,6 +385,7 @@ Object-specific Options (see above): OBJECT.list(heading, locallist) return + OBJECT.set_reload(reload) if deleteall: OBJECT.deleteall() return @@ -553,6 +560,7 @@ Object-specific Options (see above): trans.start() for l in fd.readlines(): process_args(mkargv(l)) + trans.set_reload(reload) trans.finish() else: process_args(sys.argv[1:]) diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py index 28cf30e..13b5843 100644 --- a/policycoreutils/semanage/seobject.py +++ b/policycoreutils/semanage/seobject.py 
@@ -202,7 +202,7 @@ class semanageRecords:
 store = None
 def __init__(self, store):
 global handle
-
+ self.reload = True
 self.sh = self.get_handle(store)
 rc, localstore = selinux.selinux_getpolicytype()
@@ -211,6 +211,9 @@ class semanageRecords:
 else:
 self.mylog = nulllogger()
+ def set_reload(self, reload):
+ self.reload = reload
+
 def get_handle(self, store):
 global is_mls_enabled
@@ -268,6 +271,7 @@ class semanageRecords:
 def commit(self):
 if semanageRecords.transaction:
 return
+ semanage_set_reload(self.sh, self.reload)
 rc = semanage_commit(self.sh)
 if rc < 0:
 self.mylog.commit(0)
-- 
1.7.10.2
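Review bot: `semanage_set_reload(self.sh, self.reload)` in `commit()` means that with `reload` False the store is updated and `commit()` reports success while the kernel keeps enforcing the previous policy, a security-relevant divergence that nothing in this class records, logs or documents. The new `set_reload` method has no docstring; I would give it one that spells this out, e.g. `"""Control whether commit() loads the new policy into the kernel. With False the change is only written to the policy store and stays unenforced until a later policy load, which the caller must arrange."""`. Since the flag is re-applied on every `commit()`, the docstring should also say that a later `set_reload(True)` is needed to restore the default, and coercing the argument with `self.reload = bool(reload)` would keep a non-boolean from being handed to the C binding unchanged.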