SELinux Mailing List
Re: policycoreutils 1.29.10
From: Daniel J Walsh <dwalsh_at_redhat.com>
Date: Wed, 25 Jan 2006 11:16:44 -0500
> On Mon, 2006-01-23 at 14:34 -0500, Stephen Smalley wrote:
>
>> I committed policycoreutils 1.29.10 on Friday, but looks like rawhide
>> still has 1.29.9? It has the patches from Ivan and Russell for
>> semanage, and your patches for chcat.8 and genhomedircon merged.
>>
>
> Ping?
>

I just built 1.29.11. I was waiting for some mods to libsemanage to handle semanage_user_set_roles but I built it anyways. Modify of users does not work, until this swigify is fixed.

Dan

Here is my latest diff also, mainly adding translation support to semanage and cleaning up some of the error reporting.
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-1.29.10/scripts/chcat --- nsapolicycoreutils/scripts/chcat 2006-01-19 16:00:44.000000000 -0500 +++ policycoreutils-1.29.10/scripts/chcat 2006-01-20 17:17:02.000000000 -0500 @@ -356,7 +356,7 @@ if list_ind==0 and len(cmds) < 1: usage() - except: + except ValueError, e: usage()
if delete_ind:
--- nsapolicycoreutils/semanage/semanage 2006-01-20 10:37:37.000000000 -0500 +++ policycoreutils-1.29.10/semanage/semanage 2006-01-20 15:17:56.000000000 -0500 
@@ -30,28 +30,27 @@ def usage(message = ""): print '\ -semanage {login|user|port|interface|fcontext} -l\n\+semanage {login|user|port|interface|fcontext|translation} -l [-n] \n\ semanage login -{a|d|m} [-sr] login_name\n\ semanage user -{a|d|m} [-LrR] selinux_name\n\ -semanage port -{a|d|m} -p protocol [-t] port_number\n\ +semanage port -{a|d|m} [-tr] [ -p protocol ] port | port_range\n\semanage interface -{a|d|m} [-tr] interface_spec\n\ -semanage translation -{a|d|m} [-T] level\n\ semanage fcontext -{a|d|m} [-frst] file_spec\n\ +semanage translation -{a|d|m} [-T] level\n\ -a, --add Add a OBJECT record NAME\n\ -d, --delete Delete a OBJECT record NAME\n\ -f, --ftype File Type of OBJECT \n\ -h, --help display this message\n\ -l, --list List the OBJECTS\n\ -L, --level Default SELinux Level\n\ - -n, --noheading Do not print heading when listing OBJECTS\n\ -m, --modify Modify a OBJECT record NAME\n\ - -P, --proto Port protocol\n\ + -n, --noheading Do not print heading when listing OBJECTS\n\ + -p, --proto Port protocol\n\ -r, --range MLS/MCS Security Range\n\ -R, --roles SELinux Roles (Separate by spaces)\n\ -s, --seuser SELinux user name\n\ -t, --type SELinux Type for the object\n\ -T, --trans SELinux Level Translation\n\ - -v, --verbose verbose output\n\ ' print message sys.exit(1)-# will make it easier to modify the code when the list of wanted variables -# changes. 
if object == "login": - if not delete: - unwanted_ftype() - unwanted_selevel() - unwanted_proto() - unwanted_roles() -# unwanted_serange() -# unwanted_seuser() - unwanted_setype() - unwanted_setrans() OBJECT = seobject.loginRecords() if object == "user": - if not delete: - unwanted_ftype() -# unwanted_selevel() - unwanted_proto() -# unwanted_roles() -# unwanted_serange() - unwanted_seuser() - unwanted_setype() - unwanted_setrans() OBJECT = seobject.seluserRecords() if object == "port": - if not delete: - unwanted_ftype() - unwanted_selevel() -# unwanted_proto() - unwanted_roles() - unwanted_serange() - unwanted_seuser() -# unwanted_setype() - unwanted_setrans() OBJECT = seobject.portRecords() if object == "interface": - if not delete: - unwanted_ftype() - unwanted_selevel() - unwanted_proto() - unwanted_roles() -# unwanted_serange() - unwanted_seuser() -# unwanted_setype() - unwanted_setrans() OBJECT = seobject.interfaceRecords() if object == "fcontext": - if not delete: -# unwanted_ftype() - unwanted_selevel() - unwanted_proto() - unwanted_roles() -# unwanted_serange() -# unwanted_seuser() -# unwanted_setype() - unwanted_setrans() OBJECT = seobject.fcontextRecords() if object == "translation": - if not delete: - unwanted_ftype() - unwanted_selevel() - unwanted_proto() - unwanted_roles() - unwanted_serange() - unwanted_seuser() - unwanted_setype() -# unwanted_setrans() OBJECT = seobject.setransRecords() if list: - unwanted_ftype() - unwanted_selevel() - unwanted_proto() - unwanted_roles() - unwanted_serange() - unwanted_seuser() - unwanted_setype() - unwanted_setrans() OBJECT.list(heading) sys.exit(0); 
@@ -3,19 +3,19 @@ semanage \- SELinux Policy Management tool .SH "SYNOPSIS" -.B semanage {login|user|port|interface|fcontext} \-l [\-n] +.B semanage {login|user|port|interface|fcontext|translation} \-l [\-n] .br .B semanage login \-{a|d|m} [\-sr] login_name .br .B semanage user \-{a|d|m} [\-LrR] selinux_name .br -.B semanage port \-{a|d|m} \-p protocol [\-t] port_number +.B semanage port \-{a|d|m} [\-tr] [\-p protocol] port | port_range .br .B semanage interface \-{a|d|m} [\-tr] interface_spec .br -.B semanage translation \-{a|d|m} [\-T] level -.br .B semanage fcontext \-{a|d|m} [\-frst] file_spec +.br +.B semanage translation \-{a|d|m} [\-T] level .P
This tool is used to configure SELinux policy
.I \-d, \-\-delete Delete a OBJECT record NAME .TP -.I \-h, \-\-help -display this message -.TP .I \-f, \-\-ftype File Type. This is used with fcontext. Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files. .TP +.I \-h, \-\-help +display this message +.TP .I \-l, \-\-list List the OBJECTS .TP -.I \-n, \-\-noheading-Do not print heading when listing OBJECTS -.TP .I \-L, \-\-level Default SELinux Level for SELinux use. (s0) .TP .I \-m, \-\-modify Modify a OBJECT record NAME .TP +.I \-n, \-\-noheading +Do not print heading when listing OBJECTS. +.TP .I \-p, \-\-proto Protocol for the specified port (tcp|udp). .TP -.I \-R, \-\-role -SELinux Roles (Separate by spaces) -.TP .I \-r, \-\-range MLS/MCS Security Range .TP +.I \-R, \-\-role +SELinux Roles. You must inclose multiple roles within quotes, separate by spaces. +.TP .I \-s, \-\-seuser SELinux user name .TP -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Wed 25 Jan 2006 - 11:16:36 EST |
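Review bot: In the scripts/chcat hunk (@@ -356,7 +356,7 @@), the new handler `except ValueError, e:` binds `e`, but the body shown only calls `usage()`, so the reason for the failure is thrown away. Either print `e` before calling `usage()` or drop the binding. Narrowing from the bare `except:` also means any other exception raised inside that try block now ends in a traceback instead of the usage text, so please confirm ValueError is the only error that block is expected to raise.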
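Review bot: In the usage() text of semanage/semanage (@@ -30,28 +30,27 @@), the `-v, --verbose` line is dropped from the help, but none of the visible hunks removes handling of the option itself. If `-v` is still accepted it should stay documented; if it is gone, the option parser should reject it. The `-R, --roles` entry also still says only "Separate by spaces", while the semanage.8 change in this same patch tells the user that multiple roles must be quoted, so the two texts should agree.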
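Review bot: The semanage hunk that strips the `unwanted_*()` calls removes them from every per-object branch and from the `if list:` path, leaving only the `OBJECT = seobject....Records()` assignments, and nothing shown replaces the check. An option that does not apply to the chosen object (for example `-p` with `login`, which the deleted `unwanted_proto()` call used to reject) would now be accepted and ignored without an error. For a tool that edits policy records, an administrator should be told when a supplied range, type or protocol is not going to be used; please keep a validation step, or state in the commit message where it now happens.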
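Review bot: In the semanage.8 SYNOPSIS hunk (@@ -3,19 +3,19 @@), `\-p protocol` becomes optional for `semanage port` and the argument becomes `port | port_range`, but neither is explained: the `\-p` description ("Protocol for the specified port (tcp|udp).") does not say which protocol is assumed when the option is omitted, and the syntax of a port range is not given anywhere in the visible text. Please document both, since a port record added with an unintended protocol is easy to miss.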
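Review bot: In the semanage.8 option list, the added `\-R` text reads "You must inclose multiple roles within quotes, separate by spaces"; "inclose" should be "enclose" and "separate" should be "separated". The entry is also spelled `\-\-role` here, while usage() in semanage/semanage prints `--roles`; the long option name should be the same in both places and match what the parser accepts.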
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009