Ejemplo n.º 1
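def main():
    """Parse the ml-launch command line and run <command> at the selected MLS level.

    At most one level-selecting option may be given (--level, --file-level,
    --current-level, --selinux-user-range, --clearance or
    --max-level-or-clearance).  With none, the label-dialog helper is run
    and its stripped stdout is used as the level.  Whatever its source, the
    level is passed to check_level_dominance() before anything is launched,
    and the process exits with status 1 when that check reports the level
    as beyond the user's clearance.

    Side effects: writes the module globals ``cmd`` and ``args`` (and
    ``debug`` / ``preserve_environment`` when the matching option is given),
    resets SIGCLD to its default disposition and, unless --dont-background
    is given, forks.  Usage and option errors exit with status -1.

    Returns the result of newrole_execv()/newrole() in the process that
    launches the command, and None in the parent of the fork.
    """
    global preserve_environment, cmd, args, debug

    usage = "usage: ml-launch [--level=<level>] [--max-level-or-clearance=<level>] [--title=<window title>] [--debug] [--no-environment] [--use-execv] [--current-level] [--file-level=<file name>] [--selinux-user-range] [--clearance] [--dont-background] <command> <command arguments ...>"

    def _require_no_level(current):
        # Only one option may choose the level; a second one is rejected
        # instead of silently overriding the first.
        if current is not None:
            error_dialog(
                "ml-launch: use only one level setting command argument")
            sys.exit(-1)

    try:
        opts, args = getopt.getopt(sys.argv[1:], "l:m:t:cdnuf:shb", [
            "level=", "max-level-or-clearance=", "title=", "current-level",
            "debug", "no-environment", "use-execv", "file-level=",
            "selinux-user-range", "clearance", "dont-background"
        ])
    except getopt.GetoptError:
        error_dialog(
            _("An error occurred while processing command line arguments."))
        print "usage: ml-launch [--level=<level> --max-level-or-clearance=<level> --title=<window title> --current-level --debug --no-environment --use-execv --file-level=<file name> --selinux-user-range --clearance --dont-background] <command> <command arguments ...>"
        sys.exit(-1)

    if not args:
        error_dialog(usage)
        sys.exit(-1)

    level = None
    title = None  # accepted for -t/--title; not read again in this function
    use_execv = False
    dont_background = False
    for o, a in opts:
        if o in ("-l", "--level"):
            _require_no_level(level)
            level = a
        elif o in ("-b", "--dont-background"):
            dont_background = True
        elif o in ("-t", "--title"):
            title = a
        elif o in ("-f", "--file-level"):
            _require_no_level(level)
            level = get_file_level(a)
            # get_file_level() reports failure in-band as "Cancel - <detail>".
            if level.startswith("Cancel"):
                error_dialog("ml-launch: error getting file level for %s" %
                             level.split(" - ")[1])
                sys.exit(-1)
        elif o in ("-d", "--debug"):
            debug = True
        elif o in ("-n", "--no-environment"):
            preserve_environment = False
        elif o in ("-u", "--use-execv"):
            use_execv = True
        elif o in ("-c", "--current-level"):
            _require_no_level(level)
            (rc, context) = selinux.getcon()
            # Field 3 of user:role:type:range, then the low end of the range.
            # NOTE(review): splitting on every ":" drops a category set such
            # as ":c0.c3" from the range -- confirm that is intended.
            current_range = context.split(":")[3]
            level = current_range.split("-")[0]
        elif o in ("-s", "--selinux-user-range"):
            _require_no_level(level)
            user = pwd.getpwuid(os.getuid()).pw_name
            (rc, seuser, raw_level) = selinux.getseuserbyname(user)
            # A dummy "a:b:c:" prefix turns the bare level into a full
            # context so it can be translated; field 3 is then taken back.
            (rc, tcon) = selinux_raw_to_trans_context("a:b:c:" + raw_level)
            level = tcon.split(":")[3]
        elif o in ("-h", "--clearance"):
            _require_no_level(level)
            # The clearance is the high end of the user's range.
            level = get_trans_range().split("-")[1]
        elif o in ("-m", "--max-level-or-clearance"):
            _require_no_level(level)
            level = a
            # if the users clearance doesn't dominate the specified level use the clearance
            if check_level_dominance(level):
                level = get_trans_range().split("-")[1]
        else:
            error_dialog(usage)
            sys.exit(-1)

    # getopt stops at the first non-option word and returns the remainder, so
    # the command is args[0].  Counting options to index sys.argv picked the
    # wrong word for "-l s0 cmd" (option and value as two words) and for
    # bundled flags such as "-dn", so a different token than the intended
    # command could be launched at the selected level.
    cmd = args[0]
    args = args[1:]
    if debug:
        print >> sys.stderr, ("cmd: %s\nargc: %s") % (cmd, args)

    signal.signal(signal.SIGCLD, signal.SIG_DFL)

    if level is None:
        # No level on the command line: ask the user through the dialog.
        p = subprocess.Popen(["/usr/share/mls-tools/label-dialog"],
                             stderr=subprocess.PIPE,
                             stdout=subprocess.PIPE,
                             close_fds=True)
        level = p.communicate()[0].strip()
        if debug:
            logging.debug("label-dialog: %s" % (level))
        if level == "Cancel":
            sys.exit(1)

    # Every level source ends up here: refuse anything above the clearance.
    if check_level_dominance(level):
        error_dialog(
            "ml-launch: attempting to run a command at a level beyond your clearance."
        )
        sys.exit(1)

    if dont_background:
        # Treat this process as the "child" and launch in the foreground.
        pid = 0
    else:
        try:
            pid = os.fork()
        except OSError as e:
            # The handler used to be "except e:", which raises NameError
            # instead of reporting the failed fork.
            print >> sys.stderr, _("Failed to fork new process: %d (%s)") % (
                e.errno, e.strerror)
            sys.exit(1)

    if not pid:
        if debug:
            # NOTE(review): fixed file name in a world-writable directory,
            # opened with truncation; the open follows a pre-existing
            # symlink.  Prefer a per-user directory or an exclusive,
            # no-follow create for the debug log.
            logging.basicConfig(
                level=logging.DEBUG,
                format='%(asctime)s %(levelname)s %(message)s %(filename)s',
                filename='/tmp/ml-launch.log',
                filemode='w')

        if use_execv:
            return newrole_execv(level, cmd, args, dont_background)
        else:
            return newrole(level, cmd, args, None)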
Ejemplo n.º 2
def get_range():
    """Return the level SELinux maps to the calling user's login name.

    The login name comes from the password database entry for the real
    UID; it is passed to selinux.getseuserbyname(), whose third result is
    returned unchanged.  The lookup is also written to the debug log.
    """
    uid = os.getuid()
    login_name = pwd.getpwuid(uid).pw_name
    # The status code is unpacked but not inspected here.
    (_rc, seuser, mls_level) = selinux.getseuserbyname(login_name)
    logging.debug("get_range: " + " ".join((login_name, seuser, mls_level)))
    return mls_level
Ejemplo n.º 3
def get_range():
	"""Look up and return the SELinux level assigned to the current user.

	Resolves the real UID to a login name, asks
	selinux.getseuserbyname() for that name, logs the three values at
	debug level and returns the level element of the reply.
	"""
	account = pwd.getpwuid(os.getuid()).pw_name
	reply = selinux.getseuserbyname(account)
	# Three-way unpack: status code (unused), SELinux user, level.
	(status, se_user, user_level) = reply
	message = "get_range: " + account + " " + se_user + " " + user_level
	logging.debug(message)
	return user_level
Ejemplo n.º 4
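def main():
    """Entry point of ml-launch: pick an MLS level and start <command> at it.

    The level comes from exactly one of --level, --file-level,
    --current-level, --selinux-user-range, --clearance or
    --max-level-or-clearance; a second level option is an error.  If no
    such option is present the label-dialog helper is started and its
    stripped stdout becomes the level ("Cancel" exits with status 1).
    The chosen level is always handed to check_level_dominance() before
    the command is launched; a true result exits with status 1.

    Module globals written: ``cmd``, ``args``, and ``debug`` /
    ``preserve_environment`` when their options are given.  ``debug`` is
    also read when --debug is absent, so it needs a module-level default.
    Usage and option errors exit with status -1.

    Returns what newrole_execv()/newrole() returns in the launching
    process; the parent of the fork returns None.
    """
    global preserve_environment, cmd, args, debug

    usage_text = "usage: ml-launch [--level=<level>] [--max-level-or-clearance=<level>] [--title=<window title>] [--debug] [--no-environment] [--use-execv] [--current-level] [--file-level=<file name>] [--selinux-user-range] [--clearance] [--dont-background] <command> <command arguments ...>"
    one_level_text = "ml-launch: use only one level setting command argument"

    try:
        opts, args = getopt.getopt(sys.argv[1:], "l:m:t:cdnuf:shb", ["level=", "max-level-or-clearance=", "title=","current-level", "debug", "no-environment", "use-execv", "file-level=", "selinux-user-range", "clearance", "dont-background"])
    except getopt.GetoptError:
        error_dialog( _("An error occurred while processing command line arguments."))
        print "usage: ml-launch [--level=<level> --max-level-or-clearance=<level> --title=<window title> --current-level --debug --no-environment --use-execv --file-level=<file name> --selinux-user-range --clearance --dont-background] <command> <command arguments ...>"
        sys.exit(-1)

    # A command to run is mandatory.
    if not args:
        error_dialog(usage_text)
        sys.exit(-1)

    level = None
    title = None  # set by -t/--title; not used further in this function
    use_execv = False
    dont_background = False
    for o, a in opts:
        if o in ("-l", "--level"):
            if level is not None:
                error_dialog(one_level_text)
                sys.exit(-1)
            level = a
        elif o in ("-b", "--dont-background"):
            dont_background = True
        elif o in ("-t", "--title"):
            title = a
        elif o in ("-f", "--file-level"):
            if level is not None:
                error_dialog(one_level_text)
                sys.exit(-1)
            level = get_file_level(a)
            # A result starting with "Cancel" is the helper's error form;
            # the text after " - " is shown to the user.
            if level.startswith("Cancel"):
                error_dialog("ml-launch: error getting file level for %s" % level.split(" - ")[1])
                sys.exit(-1)
        elif o in ("-d", "--debug"):
            debug = True
        elif o in ("-n", "--no-environment"):
            preserve_environment = False
        elif o in ("-u", "--use-execv"):
            use_execv = True
        elif o in ("-c", "--current-level"):
            if level is not None:
                error_dialog(one_level_text)
                sys.exit(-1)
            (rc, context) = selinux.getcon()
            context_array = context.split(":")
            # Low end of the range field of the current context.
            # NOTE(review): categories after a further ":" in the range are
            # not part of context_array[3] -- confirm that is intended.
            cur_range = context_array[3]
            level = cur_range.split("-")[0]
        elif o in ("-s", "--selinux-user-range"):
            if level is not None:
                error_dialog(one_level_text)
                sys.exit(-1)
            user = pwd.getpwuid(os.getuid()).pw_name
            (rc, seuser, seuser_level) = selinux.getseuserbyname(user)
            # Wrap the level in a placeholder context so it can be
            # translated, then read the level field back out.
            (rc, tcon) = selinux_raw_to_trans_context("a:b:c:" + seuser_level)
            context_array = tcon.split(":")
            level = context_array[3]
        elif o in ("-h", "--clearance"):
            if level is not None:
                error_dialog(one_level_text)
                sys.exit(-1)
            # High end of the user's translated range.
            user_range = get_trans_range()
            level = user_range.split("-")[1]
        elif o in ("-m", "--max-level-or-clearance"):
            if level is not None:
                error_dialog(one_level_text)
                sys.exit(-1)
            level = a
            # if the users clearance doesn't dominate the specified level use the clearance
            if check_level_dominance(level):
                user_range = get_trans_range()
                level = user_range.split("-")[1]
        else:
            error_dialog(usage_text)
            sys.exit(-1)

    # Take the command from what getopt left over.  The earlier approach
    # counted parsed options and indexed sys.argv with that count, which is
    # off by one for every option written as two words ("-l s0") and for
    # bundled short flags, so the wrong word could be run as the command.
    cmd = args[0]
    args = args[1:]
    if debug:
        print >>sys.stderr, ("cmd: %s\nargc: %s") % (cmd, args)

    signal.signal(signal.SIGCLD, signal.SIG_DFL)

    if level is None:
        # Fall back to the interactive label chooser.
        p = subprocess.Popen(["/usr/share/mls-tools/label-dialog"], stderr=subprocess.PIPE, stdout=subprocess.PIPE, close_fds=True)
        level = p.communicate()[0].strip()
        if debug:
            logging.debug("label-dialog: %s" % (level))
        if level == "Cancel":
            sys.exit(1)

    # Single enforcement point for all level sources.
    if check_level_dominance(level):
        error_dialog("ml-launch: attempting to run a command at a level beyond your clearance.")
        sys.exit(1)

    if dont_background:
        # No fork: continue as if we were the child.
        pid = 0
    else:
        try:
            pid = os.fork()
        except OSError as e:
            # "except e:" evaluated an undefined name, so a failed fork
            # surfaced as NameError rather than this message.
            print >>sys.stderr, _("Failed to fork new process: %d (%s)") % (e.errno, e.strerror)
            sys.exit(1)

    if not pid:
        if debug:
            # NOTE(review): the log path is predictable, lives in a
            # world-writable directory and is opened with truncation, and
            # the open follows symlinks.  A per-user location or an
            # exclusive, no-follow create would remove that exposure.
            logging.basicConfig(level=logging.DEBUG,
                                format='%(asctime)s %(levelname)s %(message)s %(filename)s',
                                filename='/tmp/ml-launch.log',
                                filemode='w')

        if use_execv:
            return newrole_execv(level, cmd, args, dont_background)
        else:
            return newrole(level, cmd, args, None)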