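def read_selinux_config(self):
    """Load the configured SELinux mode and policy types into the dialog.

    Reads the policy type and the configured enforce mode through the
    ``selinux`` bindings, then fills ``selinuxTypeOptionMenu`` with every
    directory under ``SELINUXDIR`` that contains a ``policy`` subdirectory.

    Always returns 0.
    """
    # NOTE(review): the return code at index 0 is ignored here, so a failed
    # lookup leaves whatever the binding put at index 1 - confirm callers
    # tolerate a value that matches no listed type.
    self.initialtype = selinux.selinux_getpolicytype()[1]

    # The binding returns (rc, mode). Only trust ``mode`` when rc is 0;
    # otherwise fall back to the same default the exception path uses, so an
    # unread configuration is never shown as a value that was actually read.
    try:
        rc, mode = selinux.selinux_getenforcemode()
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt and
        # SystemExit are no longer swallowed.
        rc, mode = -1, False
    self.initEnabled = mode if rc == 0 else False

    self.enabled = self.initEnabled
    # The menu index is the mode shifted by one; the fallback ``False``
    # therefore selects index 1.
    # NOTE(review): which label sits at index 1 is not visible here - verify
    # that a failed read does not present a weaker mode as the current one.
    self.enabledOptionMenu.set_active(self.enabled + 1)

    self.types = []
    current = 0

    for name in os.listdir(SELINUXDIR):
        type_dir = os.path.join(SELINUXDIR, name)
        if os.path.isdir(type_dir) and os.path.isdir(
                os.path.join(type_dir, "policy")):
            if name == self.initialtype:
                # Index this entry is about to take in the menu.
                current = len(self.types)
            self.types.append(name)
            self.selinuxTypeOptionMenu.append_text(name)

    self.selinuxTypeOptionMenu.set_active(current)
    self.typeHistory = current

    return 0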
def get_selinux_status():
    """Collect SELinux status information into a ``SELinuxFacts`` object.

    Returns ``None`` after reporting an error when the ``selinux`` Python
    bindings cannot be imported.

    ``runtime_mode`` comes from ``security_getenforce()`` and ``static_mode``
    from ``selinux_getenforcemode()``. If any of the lookups raises
    ``OSError``, all three of ``runtime_mode``, ``static_mode`` and ``policy``
    are replaced by fixed defaults rather than measured values.
    """
    try:
        import selinux
    except ImportError:
        api.report_error(
            "SELinux Import Error",
            details="libselinux-python package must be installed.")
        return

    facts = {
        'enabled': selinux.is_selinux_enabled() == 1,
        'mls_enabled': selinux.is_selinux_mls_enabled() == 1,
    }

    try:
        if selinux.security_getenforce() == 1:
            facts['runtime_mode'] = "enforcing"
        else:
            facts['runtime_mode'] = "permissive"

        # FIXME: the return code at index 0 of selinux_getenforcemode() is
        # not checked, so a failed lookup is interpreted as a real mode.
        static = selinux.selinux_getenforcemode()[1]
        if static < 0:
            facts['static_mode'] = "disabled"
        elif static == 1:
            facts['static_mode'] = "enforcing"
        else:
            facts['static_mode'] = "permissive"

        facts['policy'] = selinux.selinux_getpolicytype()[1]
    except OSError:
        # This happens when SELinux is disabled
        # ([Errno 2] No such file or directory). The values below are
        # defaults, not readings: consumers should not treat 'targeted' or
        # 'permissive' from this path as observed state.
        facts.update({
            'runtime_mode': 'permissive',
            'static_mode': 'disabled',
            'policy': 'targeted',
        })

    return SELinuxFacts(**facts)
Exemple #3
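    def read_selinux_config(self):
        """Populate the mode and policy-type menus from the SELinux config.

        Reads the policy type and the configured enforce mode through the
        ``selinux`` bindings, then lists every directory under ``SELINUXDIR``
        that has a ``policy`` subdirectory as a selectable policy type.

        Always returns 0.
        """
        # NOTE(review): index 0 (the return code) is ignored, so a failed
        # lookup is not detected here - confirm that is acceptable.
        self.initialtype = selinux.selinux_getpolicytype()[1]

        # Unpack (rc, mode) and only accept ``mode`` when rc is 0. A failed
        # read gets the same default as the exception path instead of being
        # displayed as if it had been read from the configuration.
        try:
            rc, mode = selinux.selinux_getenforcemode()
        except Exception:
            # Was a bare ``except:``, which also trapped KeyboardInterrupt
            # and SystemExit.
            rc, mode = -1, False
        self.initEnabled = mode if rc == 0 else False

        self.enabled = self.initEnabled
        # Menu index is mode + 1, so the ``False`` fallback selects index 1.
        # NOTE(review): verify which mode index 1 stands for, so a failed
        # read is not shown as a deliberately chosen setting.
        self.enabledOptionMenu.set_active(self.enabled + 1)

        self.types = []
        current = 0

        for name in os.listdir(SELINUXDIR):
            type_dir = os.path.join(SELINUXDIR, name)
            has_policy = os.path.isdir(type_dir) and os.path.isdir(
                os.path.join(type_dir, "policy"))
            if not has_policy:
                continue
            if name == self.initialtype:
                # Position this entry will occupy once appended.
                current = len(self.types)
            self.types.append(name)
            self.selinuxTypeOptionMenu.append_text(name)

        self.selinuxTypeOptionMenu.set_active(current)
        self.typeHistory = current

        return 0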
    def collect(self, module=None, collected_facts=None):
        """Gather SELinux facts through the ``selinux`` Python bindings.

        Returns a dict with ``selinux_python_present`` (bool) and ``selinux``
        (a dict of facts). ``module`` and ``collected_facts`` are accepted
        but not used by this method.

        ``mode`` is read with ``security_getenforce()`` and ``config_mode``
        with ``selinux_getenforcemode()``; they are reported separately, so a
        consumer can compare the two. Every lookup that fails is reported as
        ``'unknown'`` rather than guessed.
        """
        # Without the bindings there is no way to tell whether SELinux is
        # enabled, so the status says exactly that instead of 'disabled'.
        if not HAVE_SELINUX:
            return {
                'selinux': {'status': 'Missing selinux Python library'},
                'selinux_python_present': False,
            }

        facts_dict = {'selinux_python_present': True}

        if not selinux.is_selinux_enabled():
            facts_dict['selinux'] = {'status': 'disabled'}
            return facts_dict

        selinux_facts = {'status': 'enabled'}

        try:
            policyvers = selinux.security_policyvers()
        except (AttributeError, OSError):
            policyvers = 'unknown'
        selinux_facts['policyvers'] = policyvers

        # The configured mode is only trusted when the call reports rc == 0.
        config_mode = 'unknown'
        try:
            rc, configmode = selinux.selinux_getenforcemode()
            if rc == 0:
                config_mode = SELINUX_MODE_DICT.get(configmode, 'unknown')
        except (AttributeError, OSError):
            config_mode = 'unknown'
        selinux_facts['config_mode'] = config_mode

        try:
            mode = SELINUX_MODE_DICT.get(selinux.security_getenforce(),
                                         'unknown')
        except (AttributeError, OSError):
            mode = 'unknown'
        selinux_facts['mode'] = mode

        # Same rc check for the policy type.
        policy_type = 'unknown'
        try:
            rc, policytype = selinux.selinux_getpolicytype()
            if rc == 0:
                policy_type = policytype
        except (AttributeError, OSError):
            policy_type = 'unknown'
        selinux_facts['type'] = policy_type

        facts_dict['selinux'] = selinux_facts
        return facts_dict
Exemple #5
    def collect(self, module=None, collected_facts=None):
        """Return SELinux facts gathered via the ``selinux`` Python library.

        The result always holds ``selinux_python_present`` and ``selinux``.
        When the library is missing, ``selinux`` carries only a status string
        saying so, because the real SELinux state cannot be determined.
        ``module`` and ``collected_facts`` are unused here.

        A lookup that raises ``AttributeError`` or ``OSError``, or that
        returns a non-zero return code, is reported as ``'unknown'``.
        """
        unknown = 'unknown'
        lookup_errors = (AttributeError, OSError)
        result = {}
        details = {}

        if not HAVE_SELINUX:
            # 'Missing library' is deliberately distinct from 'disabled'.
            details['status'] = 'Missing selinux Python library'
            result['selinux'] = details
            result['selinux_python_present'] = False
            return result

        # Flag that lets consumers test whether the library was available.
        result['selinux_python_present'] = True

        if selinux.is_selinux_enabled():
            details['status'] = 'enabled'

            try:
                details['policyvers'] = selinux.security_policyvers()
            except lookup_errors:
                details['policyvers'] = unknown

            # Configured mode, accepted only on a zero return code.
            try:
                rc, configmode = selinux.selinux_getenforcemode()
                details['config_mode'] = (
                    SELINUX_MODE_DICT.get(configmode, unknown)
                    if rc == 0 else unknown)
            except lookup_errors:
                details['config_mode'] = unknown

            # Mode reported by security_getenforce(), kept as its own key so
            # it can be compared with config_mode.
            try:
                details['mode'] = SELINUX_MODE_DICT.get(
                    selinux.security_getenforce(), unknown)
            except lookup_errors:
                details['mode'] = unknown

            try:
                rc, policytype = selinux.selinux_getpolicytype()
                details['type'] = policytype if rc == 0 else unknown
            except lookup_errors:
                details['type'] = unknown
        else:
            details['status'] = 'disabled'

        result['selinux'] = details
        return result
Exemple #6
    def collect(self, module=None, collected_facts=None):
        """Gather SELinux facts through the ``selinux`` Python bindings.

        Returns a dict with ``selinux_python_present`` (bool) and ``selinux``.
        Note the mixed type: ``selinux`` is ``False`` when the bindings are
        missing and a dict of facts otherwise. ``False`` here means "could
        not be checked", so consumers should read it together with
        ``selinux_python_present`` rather than as "SELinux is disabled".

        ``module`` and ``collected_facts`` are accepted but not used.
        """
        if not HAVE_SELINUX:
            return {'selinux': False, 'selinux_python_present': False}

        facts_dict = {'selinux_python_present': True}

        if not selinux.is_selinux_enabled():
            facts_dict['selinux'] = {'status': 'disabled'}
            return facts_dict

        selinux_facts = {'status': 'enabled'}

        try:
            policyvers = selinux.security_policyvers()
        except (AttributeError, OSError):
            policyvers = 'unknown'
        selinux_facts['policyvers'] = policyvers

        # Configured mode: trusted only when the call reports rc == 0.
        config_mode = 'unknown'
        try:
            rc, configmode = selinux.selinux_getenforcemode()
            if rc == 0:
                config_mode = SELINUX_MODE_DICT.get(configmode, 'unknown')
        except (AttributeError, OSError):
            config_mode = 'unknown'
        selinux_facts['config_mode'] = config_mode

        # Mode from security_getenforce(), reported under its own key.
        try:
            mode = SELINUX_MODE_DICT.get(selinux.security_getenforce(),
                                         'unknown')
        except (AttributeError, OSError):
            mode = 'unknown'
        selinux_facts['mode'] = mode

        policy_type = 'unknown'
        try:
            rc, policytype = selinux.selinux_getpolicytype()
            if rc == 0:
                policy_type = policytype
        except (AttributeError, OSError):
            policy_type = 'unknown'
        selinux_facts['type'] = policy_type

        facts_dict['selinux'] = selinux_facts
        return facts_dict
Exemple #7
    def collect(self, module=None, collected_facts=None):
        """Return SELinux facts gathered via the ``selinux`` Python library.

        The ``selinux`` key is ``False`` when the library is missing and a
        dict otherwise; ``selinux_python_present`` tells the two cases apart.
        A missing library says nothing about whether SELinux is enabled.
        ``module`` and ``collected_facts`` are unused here.

        Any lookup that raises ``AttributeError`` or ``OSError``, or returns
        a non-zero return code, is reported as ``'unknown'``.
        """
        unknown = 'unknown'
        lookup_errors = (AttributeError, OSError)
        result = {}
        details = {}

        if not HAVE_SELINUX:
            result['selinux'] = False
            result['selinux_python_present'] = False
            return result

        result['selinux_python_present'] = True

        if selinux.is_selinux_enabled():
            details['status'] = 'enabled'

            try:
                details['policyvers'] = selinux.security_policyvers()
            except lookup_errors:
                details['policyvers'] = unknown

            # Configured mode, accepted only on a zero return code.
            try:
                rc, configmode = selinux.selinux_getenforcemode()
                details['config_mode'] = (
                    SELINUX_MODE_DICT.get(configmode, unknown)
                    if rc == 0 else unknown)
            except lookup_errors:
                details['config_mode'] = unknown

            # Kept separate from config_mode so the two can be compared.
            try:
                details['mode'] = SELINUX_MODE_DICT.get(
                    selinux.security_getenforce(), unknown)
            except lookup_errors:
                details['mode'] = unknown

            try:
                rc, policytype = selinux.selinux_getpolicytype()
                details['type'] = policytype if rc == 0 else unknown
            except lookup_errors:
                details['type'] = unknown
        else:
            details['status'] = 'disabled'

        result['selinux'] = details
        return result