Пример #1
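    def test_writeaboolean(self, sh):
        """Write the active ``allow_execmem`` boolean, then restore the old value.

        Two transactions are committed on the handle ``sh``: the first sets
        the active boolean to 0, the second writes back the record that was
        queried before the change. Any negative libsemanage status raises
        ``Error``.

        The key and both boolean records are released in a ``finally`` block,
        so a failing step no longer leaks them.
        """
        print "Testing active boolean write..."

        (status, key) = semanage.semanage_bool_key_create(sh, "allow_execmem")
        if status < 0:
            raise Error("Could not create SEBool key")

        # Only records that were obtained successfully are tracked for cleanup;
        # what the binding returns next to a negative status is not relied on.
        old_bool = None
        abool = None
        try:
            if self.verbose: print "SEBool key created: ", key

            # Snapshot the running value first so it can be written back later.
            (status, queried) = semanage.semanage_bool_query_active(sh, key)
            if status < 0:
                raise Error("Could not query old SEBool")
            old_bool = queried
            if self.verbose: print "Query status (commit number): ", status

            (status, created) = semanage.semanage_bool_create(sh)
            if status < 0:
                raise Error("Could not create SEBool object")
            abool = created
            if self.verbose: print "SEBool object created."

            status = semanage.semanage_bool_set_name(sh, abool, "allow_execmem")
            if status < 0:
                raise Error("Could not set name")
            if self.verbose:
                print "SEBool name set: ", semanage.semanage_bool_get_name(abool)

            semanage.semanage_bool_set_value(abool, 0)
            if self.verbose:
                print "SEbool value set: ", semanage.semanage_bool_get_value(abool)

            print "Starting transaction..."
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            status = semanage.semanage_bool_set_active(sh, key, abool)
            if status < 0:
                raise Error("Could not modify SEBool")

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit test transaction")
            print "Commit status (transaction number): ", status

            # NOTE(review): from here until the second commit succeeds, the
            # running policy carries the test value (0) instead of the value it
            # had before the test. A failure below surfaces as Error, but
            # nothing retries the restore.
            print "Resetting old active boolean..."
            status = semanage.semanage_begin_transaction(sh)
            if status < 0:
                raise Error("Could not start semanage transaction")

            status = semanage.semanage_bool_set_active(sh, key, old_bool)
            if status < 0:
                raise Error("Could not reset test SEBool")
            if self.verbose: print "SEBool active reset: ", status

            status = semanage.semanage_commit(sh)
            if status < 0:
                raise Error("Could not commit reset transaction")
            print "Commit status (transaction number): ", status
        finally:
            # Same release order as before, now also reached on error paths.
            semanage.semanage_bool_key_free(key)
            if abool is not None:
                semanage.semanage_bool_free(abool)
            if old_bool is not None:
                semanage.semanage_bool_free(old_bool)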
Пример #2
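	def test_writeaboolean(self,sh):
		"""Write the active ``allow_execmem`` boolean, then restore the old value.

		Two transactions are committed on the handle ``sh``: the first sets
		the active boolean to 0, the second writes back the record that was
		queried before the change. Any negative libsemanage status raises
		``Error``.

		The key and both boolean records are released in a ``finally`` block,
		so a failing step no longer leaks them.
		"""
		print "Testing active boolean write..."

		(status, key) = semanage.semanage_bool_key_create(sh, "allow_execmem")
		if status < 0:
			raise Error("Could not create SEBool key")

		# Only records that were obtained successfully are tracked for cleanup;
		# what the binding returns next to a negative status is not relied on.
		old_bool = None
		abool = None
		try:
			if self.verbose: print "SEBool key created: ", key

			# Snapshot the running value first so it can be written back later.
			(status, queried) = semanage.semanage_bool_query_active(sh, key)
			if status < 0:
				raise Error("Could not query old SEBool")
			old_bool = queried
			if self.verbose: print "Query status (commit number): ", status

			(status, created) = semanage.semanage_bool_create(sh)
			if status < 0:
				raise Error("Could not create SEBool object")
			abool = created
			if self.verbose: print "SEBool object created."

			status = semanage.semanage_bool_set_name(sh, abool, "allow_execmem")
			if status < 0:
				raise Error("Could not set name")
			if self.verbose: print "SEBool name set: ", semanage.semanage_bool_get_name(abool)

			semanage.semanage_bool_set_value(abool, 0)
			if self.verbose: print "SEbool value set: ", semanage.semanage_bool_get_value(abool)

			print "Starting transaction..."
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			status = semanage.semanage_bool_set_active(sh,key,abool)
			if status < 0:
				raise Error("Could not modify SEBool")

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit test transaction")
			print "Commit status (transaction number): ", status

			# NOTE(review): from here until the second commit succeeds, the
			# running policy carries the test value (0) instead of the value it
			# had before the test. A failure below surfaces as Error, but
			# nothing retries the restore.
			print "Resetting old active boolean..."
			status = semanage.semanage_begin_transaction(sh)
			if status < 0:
				raise Error("Could not start semanage transaction")

			status = semanage.semanage_bool_set_active(sh, key,old_bool)
			if status < 0:
				raise Error("Could not reset test SEBool")
			if self.verbose: print "SEBool active reset: ", status

			status = semanage.semanage_commit(sh)
			if status < 0:
				raise Error("Could not commit reset transaction")
			print "Commit status (transaction number): ", status
		finally:
			# Same release order as before, now also reached on error paths.
			semanage.semanage_bool_key_free(key)
			if abool is not None:
				semanage.semanage_bool_free(abool)
			if old_bool is not None:
				semanage.semanage_bool_free(old_bool)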
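def semanage_boolean_value(module, name, state):
    """Set the SELinux boolean *name* persistently and in the active policy.

    Opens its own libsemanage handle, runs one transaction that records the
    value as a local modification and as the active value, commits, and
    releases the handle. Every failure is reported through
    ``module.fail_json``; the function returns ``True`` otherwise.

    Args:
        module: object providing ``fail_json(msg=...)``.
        name: name of the boolean to change.
        state: truthy to set the boolean to 1, falsy to set it to 0.
    """
    value = 1 if state else 0
    handle = semanage.semanage_handle_create()
    if handle is None:
        module.fail_json(msg="Failed to create semanage library handle")
    try:
        managed = semanage.semanage_is_managed(handle)
        if managed < 0:
            module.fail_json(
                msg="Failed to determine whether policy is manage")
        if managed == 0:
            # Unmanaged store: the message depends on whether we already run
            # as uid 0, i.e. whether retrying as root could help.
            if os.getuid() == 0:
                module.fail_json(
                    msg="Cannot set persistent booleans without managed policy"
                )
            else:
                module.fail_json(
                    msg="Cannot set persistent booleans; please try as root")
        if semanage.semanage_connect(handle) < 0:
            module.fail_json(msg="Failed to connect to semanage")

        if semanage.semanage_begin_transaction(handle) < 0:
            module.fail_json(msg="Failed to begin semanage transaction")

        rc, sebool = semanage.semanage_bool_create(handle)
        if rc < 0:
            module.fail_json(msg="Failed to create seboolean with semanage")
        if semanage.semanage_bool_set_name(handle, sebool, name) < 0:
            module.fail_json(msg="Failed to set seboolean name with semanage")
        semanage.semanage_bool_set_value(sebool, value)

        rc, boolkey = semanage.semanage_bool_key_extract(handle, sebool)
        if rc < 0:
            module.fail_json(msg="Failed to extract boolean key with semanage")

        # Reject names the persistent policy does not define before recording
        # a local modification, so a misspelled boolean fails with a clear
        # message instead of reaching the policy store.
        rc, exists = semanage.semanage_bool_exists(handle, boolkey)
        if rc < 0:
            module.fail_json(msg="Failed to check if boolean is defined")
        if not exists:
            module.fail_json(
                msg="SELinux boolean %s is not defined in persistent policy" %
                name)

        if semanage.semanage_bool_modify_local(handle, boolkey, sebool) < 0:
            module.fail_json(msg="Failed to modify boolean key with semanage")

        if semanage.semanage_bool_set_active(handle, boolkey, sebool) < 0:
            module.fail_json(
                msg="Failed to set boolean key active with semanage")

        semanage.semanage_bool_key_free(boolkey)
        semanage.semanage_bool_free(sebool)

        # NOTE(review): reload flag is cleared before the commit; presumably a
        # policy reload is unnecessary because the active value was set
        # explicitly above -- confirm against libsemanage.
        semanage.semanage_set_reload(handle, 0)
        if semanage.semanage_commit(handle) < 0:
            module.fail_json(msg="Failed to commit changes to semanage")

        semanage.semanage_disconnect(handle)
        semanage.semanage_handle_destroy(handle)
    except Exception:
        e = get_exception()
        module.fail_json(msg="Failed to manage policy for boolean %s: %s" %
                         (name, str(e)))
    return True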
Пример #4
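def semanage_boolean_value(module, name, state):
    """Set the SELinux boolean *name* persistently and in the active policy.

    Opens its own libsemanage handle, runs one transaction that records the
    value as a local modification and as the active value, commits, and
    releases the handle. Every failure is reported through
    ``module.fail_json``; the function returns ``True`` otherwise.

    Args:
        module: object providing ``fail_json(msg=...)``.
        name: name of the boolean to change.
        state: truthy to set the boolean to 1, falsy to set it to 0.
    """
    value = 1 if state else 0
    handle = semanage.semanage_handle_create()
    if handle is None:
        module.fail_json(msg="Failed to create semanage library handle")
    try:
        managed = semanage.semanage_is_managed(handle)
        if managed < 0:
            module.fail_json(msg="Failed to determine whether policy is manage")
        if managed == 0:
            # Unmanaged store: the message depends on whether we already run
            # as uid 0, i.e. whether retrying as root could help.
            if os.getuid() == 0:
                module.fail_json(msg="Cannot set persistent booleans without managed policy")
            else:
                module.fail_json(msg="Cannot set persistent booleans; please try as root")
        if semanage.semanage_connect(handle) < 0:
            module.fail_json(msg="Failed to connect to semanage")

        if semanage.semanage_begin_transaction(handle) < 0:
            module.fail_json(msg="Failed to begin semanage transaction")

        rc, sebool = semanage.semanage_bool_create(handle)
        if rc < 0:
            module.fail_json(msg="Failed to create seboolean with semanage")
        if semanage.semanage_bool_set_name(handle, sebool, name) < 0:
            module.fail_json(msg="Failed to set seboolean name with semanage")
        semanage.semanage_bool_set_value(sebool, value)

        rc, boolkey = semanage.semanage_bool_key_extract(handle, sebool)
        if rc < 0:
            module.fail_json(msg="Failed to extract boolean key with semanage")

        # Reject names the persistent policy does not define before recording
        # a local modification, so a misspelled boolean fails with a clear
        # message instead of reaching the policy store.
        rc, exists = semanage.semanage_bool_exists(handle, boolkey)
        if rc < 0:
            module.fail_json(msg="Failed to check if boolean is defined")
        if not exists:
            module.fail_json(msg="SELinux boolean %s is not defined in persistent policy" % name)

        if semanage.semanage_bool_modify_local(handle, boolkey, sebool) < 0:
            module.fail_json(msg="Failed to modify boolean key with semanage")

        if semanage.semanage_bool_set_active(handle, boolkey, sebool) < 0:
            module.fail_json(msg="Failed to set boolean key active with semanage")

        semanage.semanage_bool_key_free(boolkey)
        semanage.semanage_bool_free(sebool)

        # NOTE(review): reload flag is cleared before the commit; presumably a
        # policy reload is unnecessary because the active value was set
        # explicitly above -- confirm against libsemanage.
        semanage.semanage_set_reload(handle, 0)
        if semanage.semanage_commit(handle) < 0:
            module.fail_json(msg="Failed to commit changes to semanage")

        semanage.semanage_disconnect(handle)
        semanage.semanage_handle_destroy(handle)
    except Exception:
        e = get_exception()
        module.fail_json(msg="Failed to manage policy for boolean %s: %s" % (name, str(e)))
    return True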
Пример #5
def semanage_set_boolean_value(module, handle, name, value):
    """Stage *value* for the boolean *name* on an existing semanage handle.

    A scratch record is built only to derive the lookup key. The record that
    gets modified is the one queried from the persistent policy, so a name
    the policy does not define is rejected before anything is written.
    The function neither begins nor commits a transaction; the caller that
    owns ``handle`` does that.

    On any failure the handle is destroyed and the error is reported through
    ``module.fail_json``.
    """

    def bail(message):
        # Release the library handle first, then report the failure.
        semanage.semanage_handle_destroy(handle)
        module.fail_json(msg=message)

    # Scratch record: carries the name just long enough to extract a key.
    status, scratch = semanage.semanage_bool_create(handle)
    if status < 0:
        bail("Failed to create seboolean with semanage")

    status = semanage.semanage_bool_set_name(handle, scratch, name)
    if status < 0:
        bail("Failed to set seboolean name with semanage")

    status, boolkey = semanage.semanage_bool_key_extract(handle, scratch)
    if status < 0:
        bail("Failed to extract boolean key with semanage")

    # Existence check against the persistent policy guards against typos.
    status, exists = semanage.semanage_bool_exists(handle, boolkey)
    if status < 0:
        bail("Failed to check if boolean is defined")
    if not exists:
        bail("SELinux boolean %s is not defined in persistent policy" % name)

    status, sebool = semanage.semanage_bool_query(handle, boolkey)
    if status < 0:
        bail("Failed to query boolean in persistent policy")

    semanage.semanage_bool_set_value(sebool, value)

    # Record the change as a local modification and as the active value.
    status = semanage.semanage_bool_modify_local(handle, boolkey, sebool)
    if status < 0:
        bail("Failed to modify boolean key with semanage")

    status = semanage.semanage_bool_set_active(handle, boolkey, sebool)
    if status < 0:
        bail("Failed to set boolean key active with semanage")

    # Success path: release the key and both records, leave the handle open.
    semanage.semanage_bool_key_free(boolkey)
    semanage.semanage_bool_free(scratch)
    semanage.semanage_bool_free(sebool)