Exemplo n.º 1
    def analyze(self, avc):
        """Decide whether this AVC denial should be reported.

        Returns ``self.report()`` only when every condition holds: the
        source matches ``httpd_t httpd_.*_script_t``, the target matches
        ``httpd_.*t``, the object class is ``file`` or ``dir``, and both
        the ``httpd_unified`` and ``httpd_enable_cgi`` booleans are
        currently inactive. Returns ``None`` otherwise.
        """
        # Checks run in the same order as a chained ``and`` so the SELinux
        # boolean lookups are skipped for denials that cannot match.
        if not avc.matches_source_types("httpd_t httpd_.*_script_t"):
            return None
        # NOTE(review): unlike the source pattern, this one has no "_"
        # before the trailing "t" -- confirm the broader match is intended.
        if not avc.matches_target_types("httpd_.*t"):
            return None
        if avc.tclass not in ("file", "dir"):
            return None
        if selinux.security_get_boolean_active("httpd_unified"):
            return None
        if selinux.security_get_boolean_active("httpd_enable_cgi"):
            return None

        return self.report()
    def analyze(self, avc):
        """Return ``self.report()`` for httpd file/dir denials, else ``None``.

        A report is produced only when the source matches
        ``httpd_t httpd_.*_script_t``, the target matches ``httpd_.*t``,
        the class is ``file`` or ``dir``, and neither ``httpd_unified`` nor
        ``httpd_enable_cgi`` is active.
        """
        # Negated form of the acceptance test; ``or`` short-circuits in the
        # same order, so the boolean lookups only happen for httpd denials.
        if (not avc.matches_source_types("httpd_t httpd_.*_script_t")
                or not avc.matches_target_types("httpd_.*t")
                or avc.tclass not in ("file", "dir")
                or selinux.security_get_boolean_active("httpd_unified")
                or selinux.security_get_boolean_active("httpd_enable_cgi")):
            return None

        return self.report()
Exemplo n.º 3
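def get_boolean_value(module, name):
    """Return True when the SELinux boolean *name* is currently active.

    Args:
        module: object exposing ``fail_json(msg=...)``, called when the
            lookup raises ``OSError``.
        name: name of the SELinux boolean to query.

    Returns:
        ``True`` if the reported state equals 1, ``False`` otherwise.
    """
    state = 0
    try:
        state = selinux.security_get_boolean_active(name)
    except OSError:
        # ``except OSError, e`` only parses on Python 2 and ``e`` was never
        # used; this spelling works on both major versions.
        module.fail_json(
            msg="Failed to determine current state for boolean %s" % name)
    # The looked-up state used to be dropped; hand it back to the caller.
    # If fail_json() returns instead of aborting, state is still 0 here.
    return state == 1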
Exemplo n.º 4
 def __getbooleans(self):
     """Build ``(path, contents)`` pairs for every SELinux boolean.

     Returns an empty list when the kickstart does not enable SELinux or
     ``/selinux/enforce`` does not exist. Otherwise each pair holds
     ``"/booleans/<name>"`` and the active value formatted twice as
     ``"%d %d"``.
     """
     selinux_available = (kickstart.selinux_enabled(self.ks)
                          and os.path.exists("/selinux/enforce"))
     if not selinux_available:
         return []

     entries = []
     # Index 1 of the returned pair is the list of names.
     for name in selinux.security_get_boolean_names()[1]:
         active = selinux.security_get_boolean_active(name)
         # The same value fills both fields (presumably current and
         # pending -- confirm against the consumer of these entries).
         entries.append(("/booleans/%s" % name, "%d %d" % (active, active)))
     return entries
Exemplo n.º 5
def get_boolean_value(module, name):
    """Report whether the SELinux boolean *name* is currently active.

    Calls ``module.fail_json`` when the lookup raises ``OSError``. Returns
    ``True`` only when the reported state equals 1, ``False`` otherwise.
    """
    try:
        active = selinux.security_get_boolean_active(name)
    except OSError:
        module.fail_json(msg="Failed to determine current state for boolean %s" % name)
        # Reached only if fail_json() returns; treated as "not active".
        active = 0
    return active == 1
Exemplo n.º 6
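 def test_boolean(self):
     """Flip ``httpd_anon_write`` with ``semanage boolean -m``, then restore it.

     The first invocation sets the boolean to the opposite of its current
     active state and the second sets it back; both must exit successfully.
     """
     import selinux
     boolean_status = {0: "--off", 1: "--on"}
     boolean_state = selinux.security_get_boolean_active("httpd_anon_write")
     # Test
     print("Verify semanage boolean -m %s httpd_anon_write" % boolean_status[not boolean_state])
     # stderr must be piped too: without it communicate() returns None for
     # err and assertSuccess() gets no diagnostic text.
     p = Popen(["semanage", "boolean", "-m", boolean_status[(not boolean_state)], "httpd_anon_write"], stdout=PIPE, stderr=PIPE)
     out, err = p.communicate()
     self.assertSuccess(p.returncode, err)
     # NOTE(review): if this restoring call fails, httpd_anon_write stays
     # flipped on the host running the test.
     print("Verify semanage boolean -m %s httpd_anon_write" % boolean_status[boolean_state])
     p = Popen(["semanage", "boolean", "-m", boolean_status[boolean_state], "httpd_anon_write"], stdout=PIPE, stderr=PIPE)
     out, err = p.communicate()
     self.assertSuccess(p.returncode, err)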
Exemplo n.º 7
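 def test_boolean(self):
     """Check that ``semanage boolean -m`` can toggle ``httpd_anon_write``.

     Runs the command twice: first with the opposite of the current active
     state, then with the original state, asserting success each time.
     """
     import selinux
     boolean_status = {0: "--off", 1: "--on"}
     boolean_state = selinux.security_get_boolean_active("httpd_anon_write")
     # Test: flip first, then put the original value back.
     # NOTE(review): the boolean stays flipped on this host if the second
     # (restoring) invocation fails.
     for wanted in (not boolean_state, boolean_state):
         switch = boolean_status[wanted]
         print("Verify semanage boolean -m %s httpd_anon_write" % switch)
         # Pipe stderr as well; otherwise err is always None and the
         # assertion below carries no diagnostic text.
         p = Popen(["semanage", "boolean", "-m", switch, "httpd_anon_write"], stdout=PIPE, stderr=PIPE)
         out, err = p.communicate()
         self.assertSuccess(p.returncode, err)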
Exemplo n.º 8
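def sepolicy_booleans_json_generator():
    """Yield one JSON-ready dict per boolean from ``sepolicy.get_all_bools()``.

    Each dict carries ``name``, ``current`` (the active state mapped to a
    Python bool), ``default`` (the entry's ``state`` field) and ``desc``
    (from ``booleanRecords().get_desc``).
    """
    # One records object serves every lookup; it was previously rebuilt on
    # each iteration.
    records = booleanRecords()
    # ``entry`` rather than ``bool`` so the builtin is not shadowed.
    for entry in sepolicy.get_all_bools():
        name = entry['name']
        active_flag = selinux.security_get_boolean_active(name)
        # 0 -> False, 1 -> True.
        # NOTE(review): a negative flag would index from the end and read
        # as True -- confirm the binding raises instead of returning -1.
        current = (False, True)[active_flag]
        yield {
            "name": name,
            "current": current,
            "default": entry['state'],
            "desc": records.get_desc(name),
        }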
Exemplo n.º 9
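	def get_all(self, locallist = 0):
		"""Return a dict mapping each boolean name to its three values.

		When ``locallist`` is true the booleans come from
		``semanage_bool_list_local``, otherwise from ``semanage_bool_list``;
		the result is also stored on ``self.blist``. Each dict value is the
		list ``[semanage value, pending value, active value]``.

		Raises ValueError when the listing call returns a negative code.
		"""
		# Indentation is tabs throughout: the earlier mix of tabs and
		# spaces is rejected by Python 3 with a TabError.
		if locallist:
			(rc, self.blist) = semanage_bool_list_local(self.sh)
		else:
			(rc, self.blist) = semanage_bool_list(self.sh)
		if rc < 0:
			raise ValueError(_("Could not list booleans"))

		ddict = {}
		for boolean in self.blist:
			name = semanage_bool_get_name(boolean)
			ddict[name] = [
				semanage_bool_get_value(boolean),
				selinux.security_get_boolean_pending(name),
				selinux.security_get_boolean_active(name),
			]

		return ddict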
Exemplo n.º 10
def get_bools(setype):
    """Collect the booleans attached to allow rules whose source is *setype*.

    Returns ``(domainbools, bools)``: two lists of ``(name, enabled)``
    tuples. A boolean goes into ``domainbools`` when its name starts with
    the short name or the domain name from ``gen_short_name(setype)``, and
    into ``bools`` otherwise. Each name is listed at most once per list.
    """
    bools = []
    domainbools = []
    domainname, short_name = gen_short_name(setype)
    for rule in search([ALLOW], {'source': setype}):
        if 'boolean' not in rule:
            continue
        for entry in rule['boolean']:
            if not isinstance(entry, tuple):
                continue
            bool_name = entry[0]
            try:
                enabled = selinux.security_get_boolean_active(bool_name)
            except OSError:
                # Live state unavailable: use the tuple's second element.
                enabled = entry[1]
            if bool_name.startswith(short_name) or bool_name.startswith(domainname):
                bucket = domainbools
            else:
                bucket = bools
            # Skip the name if it is already listed with either state.
            if (bool_name, enabled) not in bucket and (bool_name, not enabled) not in bucket:
                bucket.append((bool_name, enabled))
    return (domainbools, bools)
Exemplo n.º 11
def get_bools(setype):
    """Return ``(domainbools, bools)`` for allow rules sourced from *setype*.

    Rules come from ``get_all_allow_rules()`` and are kept when they carry
    a ``'boolean'`` key and their ``'source'`` equals *setype*. Both results
    are lists of ``(name, enabled)`` tuples; ``domainbools`` holds names
    starting with the short or domain name from ``gen_short_name``.
    """
    bools = []
    domainbools = []
    domainname, short_name = gen_short_name(setype)
    boolean_lists = (
        rule['boolean']
        for rule in get_all_allow_rules()
        if 'boolean' in rule and rule['source'] == setype
    )
    for boolean_list in boolean_lists:
        for item in boolean_list:
            if not isinstance(item, tuple):
                continue
            try:
                enabled = selinux.security_get_boolean_active(item[0])
            except OSError:
                # No live value: fall back to the tuple's second element.
                enabled = item[1]
            in_domain = item[0].startswith(short_name) or item[0].startswith(domainname)
            target = domainbools if in_domain else bools
            # A name recorded with either state counts as already present.
            candidates = ((item[0], enabled), (item[0], not enabled))
            if not any(candidate in target for candidate in candidates):
                target.append((item[0], enabled))
    return (domainbools, bools)
Exemplo n.º 12
def get_bools(setype):
    """Split the booleans guarding *setype*'s allow rules into two lists.

    Searches ALLOW rules with source *setype* and, for every tuple found
    under a rule's ``'boolean'`` key, records ``(name, enabled)`` once.
    Names starting with the short or domain name from ``gen_short_name``
    land in the first returned list, all others in the second.
    """
    bools = []
    domainbools = []
    domainname, short_name = gen_short_name(setype)
    matching_rules = [rule for rule in search([ALLOW], {'source': setype}) if 'boolean' in rule]
    for rule in matching_rules:
        for pair in rule['boolean']:
            if not isinstance(pair, tuple):
                continue
            label = pair[0]
            try:
                enabled = selinux.security_get_boolean_active(label)
            except OSError:
                # Lookup failed: keep the state stored in the tuple.
                enabled = pair[1]
            if label.startswith(short_name) or label.startswith(domainname):
                destination = domainbools
            else:
                destination = bools
            already_listed = (
                (label, enabled) in destination
                or (label, not enabled) in destination
            )
            if not already_listed:
                destination.append((label, enabled))
    return (domainbools, bools)
Exemplo n.º 13
def check_cause(exception):
    """
    Check whether the exception was raised because of a known problem and,
    if so, give the user a hint on how to fix it.
    @return { 'description' : dsc, 'fix': fix} when the problem is known,
    None otherwise.
    """
    # Only pywbem.CIMError instances whose first argument is 0 are examined.
    if not (isinstance(exception, pywbem.CIMError)
            and exception.args[0] == 0):
        return
    # The message must match _RE_ERRNO_13 (presumably an errno 13 /
    # permission-denied pattern -- confirm) while SELinux is running.
    if not _RE_ERRNO_13.match(exception.args[1]):
        return
    if not util.is_selinux_running():
        return

    import selinux
    if selinux.security_get_boolean_active("httpd_can_network_connect"):
        return

    # NOTE(review): the hint persistently (-P) enables a boolean whose name
    # suggests it covers httpd network connections in general, not only
    # this application -- confirm that is the narrowest acceptable fix.
    return {
        "description": "SELinux prevents YAWN from connecting to the network using TCP.",
        "fix": SafeString(
            'Please run as root:<br/>'
            '<span class="code_snippet">'
            '&nbsp;&nbsp;setsebool -P httpd_can_network_connect 1</span>'),
    }
Exemplo n.º 14
def check_cause(exception):
    """
    Look for a known cause behind the exception and, when one is found,
    return hints that help the user fix it.
    @return { 'description' : dsc, 'fix': fix} if the problem is known,
    None otherwise.
    """
    if isinstance(exception, pywbem.CIMError) and exception.args[0] == 0:
        if _RE_ERRNO_13.match(exception.args[1]) and util.is_selinux_running():
            import selinux

            network_allowed = selinux.security_get_boolean_active("httpd_can_network_connect")
            if not network_allowed:
                # NOTE(review): "-P" makes the change persistent, and the
                # boolean name suggests it is not limited to this
                # application -- confirm before recommending it broadly.
                fix_markup = (
                    "Please run as root:<br/>"
                    '<span class="code_snippet">'
                    "&nbsp;&nbsp;setsebool -P httpd_can_network_connect 1</span>"
                )
                return {
                    "description": "SELinux prevents YAWN from connecting to the network using TCP.",
                    "fix": SafeString(fix_markup),
                }
    # Every other path yields None: the cause is not a known one.
    return None
Exemplo n.º 15
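def get_boolean_active(boolean):
    """Return the active state of the SELinux boolean, or False on failure.

    Best-effort lookup: any ordinary exception raised while querying the
    boolean yields ``False``, so a caller cannot tell "off" from "could not
    be determined".
    """
    try:
        return selinux.security_get_boolean_active(boolean)
    except Exception:
        # A bare ``except:`` also trapped KeyboardInterrupt and SystemExit;
        # ``Exception`` keeps the fallback while letting those propagate.
        return False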