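def semanage_boolean_value(module, name, state):
    """Persist an SELinux boolean through libsemanage and set its active value.

    Inside one semanage transaction the boolean ``name`` is written with
    ``semanage_bool_modify_local`` and applied with
    ``semanage_bool_set_active``; the transaction is then committed.

    Args:
        module: Object whose ``fail_json(msg=...)`` reports a failure.
            ``fail_json`` is expected to leave by raising (SystemExit in
            Ansible) rather than returning.
        name: Name of the SELinux boolean. It is passed to libsemanage as
            given; this function does no validation of its own.
        state: Truthy stores 1, falsy stores 0.

    Returns:
        True when the end of the function is reached. Every failure is
        reported through ``module.fail_json``.
    """
    value = int(bool(state))

    handle = semanage.semanage_handle_create()
    if handle is None:
        module.fail_json(msg="Failed to create semanage library handle")

    # What is currently held. A failing step leaves through fail_json(),
    # which would otherwise skip every release call; the finally clause
    # below frees exactly what is recorded here.
    connected = False
    sebool = None
    boolkey = None
    try:
        try:
            managed = semanage.semanage_is_managed(handle)
            if managed < 0:
                module.fail_json(
                    msg="Failed to determine whether policy is manage")
            if managed == 0:
                # The same result is reported differently for root and
                # non-root callers.
                if os.getuid() == 0:
                    module.fail_json(
                        msg="Cannot set persistent booleans without managed policy")
                else:
                    module.fail_json(
                        msg="Cannot set persistent booleans; please try as root")

            if semanage.semanage_connect(handle) < 0:
                module.fail_json(msg="Failed to connect to semanage")
            connected = True

            if semanage.semanage_begin_transaction(handle) < 0:
                module.fail_json(msg="Failed to begin semanage transaction")

            # Record the new objects only after their return code is checked,
            # so the cleanup never frees the result of a failed call.
            rc, new_bool = semanage.semanage_bool_create(handle)
            if rc < 0:
                module.fail_json(msg="Failed to create seboolean with semanage")
            sebool = new_bool

            if semanage.semanage_bool_set_name(handle, sebool, name) < 0:
                module.fail_json(msg="Failed to set seboolean name with semanage")
            semanage.semanage_bool_set_value(sebool, value)

            rc, new_key = semanage.semanage_bool_key_extract(handle, sebool)
            if rc < 0:
                module.fail_json(msg="Failed to extract boolean key with semanage")
            boolkey = new_key

            if semanage.semanage_bool_modify_local(handle, boolkey, sebool) < 0:
                module.fail_json(msg="Failed to modify boolean key with semanage")
            if semanage.semanage_bool_set_active(handle, boolkey, sebool) < 0:
                module.fail_json(
                    msg="Failed to set boolean key active with semanage")

            # Ownership is dropped before each free call so the finally
            # clause cannot free the same object a second time.
            key_to_free, boolkey = boolkey, None
            semanage.semanage_bool_key_free(key_to_free)
            bool_to_free, sebool = sebool, None
            semanage.semanage_bool_free(bool_to_free)

            # Commit without asking libsemanage for a policy reload; the
            # active value was already set by semanage_bool_set_active above.
            semanage.semanage_set_reload(handle, 0)
            if semanage.semanage_commit(handle) < 0:
                module.fail_json(msg="Failed to commit changes to semanage")
        except Exception:
            e = get_exception()
            module.fail_json(msg="Failed to manage policy for boolean %s: %s" % (name, str(e)))
    finally:
        # Runs on success and on every failure path. On success the calls
        # are disconnect then destroy, as in the straight-line sequence.
        if boolkey is not None:
            semanage.semanage_bool_key_free(boolkey)
        if sebool is not None:
            semanage.semanage_bool_free(sebool)
        if handle is not None:
            if connected:
                # NOTE(review): presumably this also abandons a transaction
                # that was begun but not committed - confirm against the
                # libsemanage version in use.
                semanage.semanage_disconnect(handle)
            semanage.semanage_handle_destroy(handle)
    return True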
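def semanage_boolean_value(module, name, state):
    """Persist an SELinux boolean through libsemanage and set its active value.

    Inside one semanage transaction the boolean ``name`` is written with
    ``semanage_bool_modify_local`` and applied with
    ``semanage_bool_set_active``; the transaction is then committed.

    Args:
        module: Object whose ``fail_json(msg=...)`` reports a failure.
            ``fail_json`` is expected to leave by raising (SystemExit in
            Ansible) rather than returning.
        name: Name of the SELinux boolean. It is passed to libsemanage as
            given; this function does no validation of its own.
        state: Truthy stores 1, falsy stores 0.

    Returns:
        True when the end of the function is reached. Every failure is
        reported through ``module.fail_json``.
    """
    value = int(bool(state))

    handle = semanage.semanage_handle_create()
    if handle is None:
        module.fail_json(msg="Failed to create semanage library handle")

    # What is currently held. A failing step leaves through fail_json(),
    # which would otherwise skip every release call; the finally clause
    # below frees exactly what is recorded here.
    connected = False
    sebool = None
    boolkey = None
    try:
        try:
            managed = semanage.semanage_is_managed(handle)
            if managed < 0:
                module.fail_json(msg="Failed to determine whether policy is manage")
            if managed == 0:
                # The same result is reported differently for root and
                # non-root callers.
                if os.getuid() == 0:
                    module.fail_json(msg="Cannot set persistent booleans without managed policy")
                else:
                    module.fail_json(msg="Cannot set persistent booleans; please try as root")

            if semanage.semanage_connect(handle) < 0:
                module.fail_json(msg="Failed to connect to semanage")
            connected = True

            if semanage.semanage_begin_transaction(handle) < 0:
                module.fail_json(msg="Failed to begin semanage transaction")

            # Record the new objects only after their return code is checked,
            # so the cleanup never frees the result of a failed call.
            rc, new_bool = semanage.semanage_bool_create(handle)
            if rc < 0:
                module.fail_json(msg="Failed to create seboolean with semanage")
            sebool = new_bool

            if semanage.semanage_bool_set_name(handle, sebool, name) < 0:
                module.fail_json(msg="Failed to set seboolean name with semanage")
            semanage.semanage_bool_set_value(sebool, value)

            rc, new_key = semanage.semanage_bool_key_extract(handle, sebool)
            if rc < 0:
                module.fail_json(msg="Failed to extract boolean key with semanage")
            boolkey = new_key

            if semanage.semanage_bool_modify_local(handle, boolkey, sebool) < 0:
                module.fail_json(msg="Failed to modify boolean key with semanage")
            if semanage.semanage_bool_set_active(handle, boolkey, sebool) < 0:
                module.fail_json(msg="Failed to set boolean key active with semanage")

            # Ownership is dropped before each free call so the finally
            # clause cannot free the same object a second time.
            key_to_free, boolkey = boolkey, None
            semanage.semanage_bool_key_free(key_to_free)
            bool_to_free, sebool = sebool, None
            semanage.semanage_bool_free(bool_to_free)

            # Commit without asking libsemanage for a policy reload; the
            # active value was already set by semanage_bool_set_active above.
            semanage.semanage_set_reload(handle, 0)
            if semanage.semanage_commit(handle) < 0:
                module.fail_json(msg="Failed to commit changes to semanage")
        except Exception:
            e = get_exception()
            module.fail_json(msg="Failed to manage policy for boolean %s: %s" % (name, str(e)))
    finally:
        # Runs on success and on every failure path. On success the calls
        # are disconnect then destroy, as in the straight-line sequence.
        if boolkey is not None:
            semanage.semanage_bool_key_free(boolkey)
        if sebool is not None:
            semanage.semanage_bool_free(sebool)
        if handle is not None:
            if connected:
                # NOTE(review): presumably this also abandons a transaction
                # that was begun but not committed - confirm against the
                # libsemanage version in use.
                semanage.semanage_disconnect(handle)
            semanage.semanage_handle_destroy(handle)
    return True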
def semanage_get_handle(module):
    """Create a libsemanage handle and connect it.

    Args:
        module: Object whose ``fail_json(msg=...)`` reports a failure.

    Returns:
        The handle from ``semanage_handle_create`` after
        ``semanage_connect`` has succeeded on it.

    On each failure that occurs after the handle exists, the handle is
    destroyed before ``fail_json`` is called.
    """
    sh = semanage.semanage_handle_create()
    if not sh:
        module.fail_json(msg="Failed to create semanage library handle")

    policy_state = semanage.semanage_is_managed(sh)
    if policy_state <= 0:
        # Negative means the check itself failed, zero means the policy is
        # not managed. Either way the handle is released first.
        semanage.semanage_handle_destroy(sh)
        if policy_state < 0:
            module.fail_json(msg="Failed to determine whether policy is manage")
        elif os.getuid() == 0:
            module.fail_json(msg="Cannot set persistent booleans without managed policy")
        else:
            module.fail_json(msg="Cannot set persistent booleans; please try as root")

    connect_rc = semanage.semanage_connect(sh)
    if connect_rc < 0:
        semanage.semanage_handle_destroy(sh)
        module.fail_json(msg="Failed to connect to semanage")

    return sh
def main(argv=None):
    """Parse the command line, select tests and run them on a semanage handle.

    This variant uses Python 2 syntax (``print`` statement and
    ``except getopt.error, msg``). ``Tests``, ``Usage``, ``Status``,
    ``Error`` and ``usage`` are defined outside this excerpt.

    Args:
        argv: Argument list with the program name first; ``sys.argv`` is
            used when it is None.
    """
    if argv is None:
        argv = sys.argv
    try:
        try:
            opts, args = getopt.getopt(argv[1:], "hvmuspfibcUSPFIBCanN",
                                       ["help", "verbose", "modules", "users", "seusers", "ports",
                                        "file contexts", "network interfaces", "booleans",
                                        "active booleans", "network nodes", "writeuser",
                                        "writeseuser", "writeport", "writefcontext",
                                        "writeinterface", "writeboolean", "writeaboolean",
                                        "writenode", "all"])
            tests = Tests()
            # Only the short options are compared below; a long option
            # returned by getopt matches none of these branches.
            for o, a in opts:
                if o == "-v":
                    tests.verbose = True
                    print "Verbose output selected."
                if o == "-a":
                    tests.all = True
                if o == "-u":
                    tests.users = True
                if o == "-U":
                    tests.writeuser = True
                if o == "-s":
                    tests.seusers = True
                if o == "-S":
                    tests.writeseuser = True
                if o == "-p":
                    tests.ports = True
                if o == "-P":
                    tests.writeport = True
                if o == "-f":
                    tests.fcontexts = True
                if o == "-F":
                    tests.writefcontext = True
                if o == "-i":
                    tests.interfaces = True
                if o == "-I":
                    tests.writeinterface = True
                if o == "-b":
                    tests.booleans = True
                if o == "-B":
                    tests.writeboolean = True
                if o == "-c":
                    tests.abooleans = True
                if o == "-C":
                    tests.writeaboolean = True
                if o == "-n":
                    tests.nodes = True
                if o == "-N":
                    tests.writenode = True
                if o == "-m":
                    tests.modules = True
                if o == "-h":
                    raise Usage(usage)
            if not tests.selected():
                raise Usage("Please select a valid test.")
        except getopt.error, msg:
            # Option-parsing errors are re-raised as Usage.
            raise Usage(msg)
        sh=semanage.semanage_handle_create()
        # Any result other than 1 is treated as an unmanaged policy.
        if (semanage.semanage_is_managed(sh) != 1):
            raise Status("Unmanaged!")
        status = semanage.semanage_connect(sh)
        if status < 0:
            raise Error("Could not establish semanage connection")
        tests.run(sh)
        status = semanage.semanage_disconnect(sh)
        if status < 0:
            raise Error("Could not disconnect")
        # The handle is destroyed only when no exception was raised above.
        semanage.semanage_handle_destroy(sh)
        # The excerpt ends here; the handlers of the outer try statement
        # are not part of this listing.
def main(argv=None):
    """Parse the command line, select tests and run them on a semanage handle.

    Each short option sets one attribute of a ``Tests`` object to True.
    ``-v`` also prints a notice and ``-h`` raises ``Usage``. ``Tests``,
    ``Usage``, ``Status``, ``Error`` and ``usage`` are defined outside this
    block. ``Usage``, ``Status`` and ``Error`` are caught here and their
    ``msg`` is printed to stderr.

    Args:
        argv: Argument list with the program name first; ``sys.argv`` is
            used when it is None.

    Returns:
        2.
    """
    if argv is None:
        argv = sys.argv

    long_options = [
        "help", "verbose", "modules", "users", "seusers", "ports",
        "file contexts", "network interfaces", "booleans",
        "active booleans", "network nodes", "writeuser", "writeseuser",
        "writeport", "writefcontext", "writeinterface", "writeboolean",
        "writeaboolean", "writenode", "all",
    ]
    # Short option -> Tests attribute that it switches on. Long options
    # returned by getopt match no entry here and select nothing.
    selection_for_flag = {
        "-a": "all",
        "-u": "users",
        "-U": "writeuser",
        "-s": "seusers",
        "-S": "writeseuser",
        "-p": "ports",
        "-P": "writeport",
        "-f": "fcontexts",
        "-F": "writefcontext",
        "-i": "interfaces",
        "-I": "writeinterface",
        "-b": "booleans",
        "-B": "writeboolean",
        "-c": "abooleans",
        "-C": "writeaboolean",
        "-n": "nodes",
        "-N": "writenode",
        "-m": "modules",
    }

    try:
        try:
            parsed, _positional = getopt.getopt(
                argv[1:], "hvmuspfibcUSPFIBCanN", long_options)
            tests = Tests()
            for flag, _value in parsed:
                if flag == "-v":
                    tests.verbose = True
                    print("Verbose output selected.")
                elif flag == "-h":
                    raise Usage(usage)
                elif flag in selection_for_flag:
                    setattr(tests, selection_for_flag[flag], True)
            if not tests.selected():
                raise Usage("Please select a valid test.")
        except getopt.error as msg:
            # Option-parsing errors are re-raised as Usage.
            raise Usage(msg)

        sh = semanage.semanage_handle_create()
        # Any result other than 1 is treated as an unmanaged policy.
        if semanage.semanage_is_managed(sh) != 1:
            raise Status("Unmanaged!")
        if semanage.semanage_connect(sh) < 0:
            raise Error("Could not establish semanage connection")

        # NOTE(review): the write* selections presumably change policy
        # records - verify against Tests.run before choosing a host.
        tests.run(sh)

        if semanage.semanage_disconnect(sh) < 0:
            raise Error("Could not disconnect")
        # NOTE(review): reached only when nothing above raised, so on the
        # Status and Error paths the handle is never destroyed.
        semanage.semanage_handle_destroy(sh)
    except (Usage, Status, Error) as err:
        print(err.msg, file=sys.stderr)

    # NOTE(review): the collapsed listing does not show the indentation of
    # this return; it is placed at function level here - confirm upstream.
    return 2
# will work with python 2.6+
from __future__ import print_function

from sys import exit

try:
    import semanage
except ImportError:
    # Without the semanage Python bindings, SELinux is assumed to be
    # disabled. Exiting with status 0 and no output lets the puppet prefetch
    # see an empty port list instead of an error. The semanage binary, which
    # is required anyway, uses the same library.
    # NOTE(review): to the caller this looks the same as a host with no
    # ports to report.
    exit(0)

handle = semanage.semanage_handle_create()

# Only negative (error) results stop the script. The connection is attempted
# only when the managed check did not fail.
if semanage.semanage_is_managed(handle) < 0 or semanage.semanage_connect(handle) < 0:
    exit(1)


def print_port(kind, port):
    """Print one port record on a single line.

    The fields are ``kind``, element 1 of the ``semanage_context_to_string``
    result, the high port, the low port and the protocol string, separated
    by spaces. High comes before low.
    """
    context = semanage.semanage_port_get_con(port)
    # Element 0 of the result is not inspected here (presumably the return
    # code - confirm against the bindings).
    context_result = semanage.semanage_context_to_string(handle, context)
    upper = semanage.semanage_port_get_high(port)
    lower = semanage.semanage_port_get_low(port)
    protocol_name = semanage.semanage_port_get_proto_str(
        semanage.semanage_port_get_proto(port))
    print(kind, context_result[1], upper, lower, protocol_name)


# Always list local ports afterwards so that the provider works correctly
retval, ports = semanage.semanage_port_list(handle)
# will work with python 2.6+
from __future__ import print_function

from sys import exit

try:
    import semanage
except ImportError:
    # Without the semanage Python bindings, SELinux is assumed to be
    # disabled. Exiting with status 0 and no output lets the puppet prefetch
    # see an empty port list instead of an error. The semanage binary, which
    # is required anyway, uses the same library.
    # NOTE(review): to the caller this looks the same as a host with no
    # ports to report.
    exit(0)

handle = semanage.semanage_handle_create()

# Only negative (error) results stop the script. The connection is attempted
# only when the managed check did not fail.
if semanage.semanage_is_managed(handle) < 0 or semanage.semanage_connect(handle) < 0:
    exit(1)


def print_port(kind, port):
    """Print one port record on a single line.

    The fields are ``kind``, element 1 of the ``semanage_context_to_string``
    result, the high port, the low port and the protocol string, separated
    by spaces. High comes before low.
    """
    context = semanage.semanage_port_get_con(port)
    # Element 0 of the result is not inspected here (presumably the return
    # code - confirm against the bindings).
    context_result = semanage.semanage_context_to_string(handle, context)
    upper = semanage.semanage_port_get_high(port)
    lower = semanage.semanage_port_get_low(port)
    protocol_name = semanage.semanage_port_get_proto_str(
        semanage.semanage_port_get_proto(port))
    print(kind, context_result[1], upper, lower, protocol_name)