def read_selinux_config(self): self.initialtype = selinux.selinux_getpolicytype()[1] try: self.initEnabled = selinux.selinux_getenforcemode()[1] except: self.initEnabled = False pass self.enabled = self.initEnabled self.enabledOptionMenu.set_active(self.enabled + 1) self.types = [] n = 0 current = n for i in os.listdir(SELINUXDIR): if os.path.isdir(SELINUXDIR + i) and os.path.isdir(SELINUXDIR + i + "/policy"): self.types.append(i) self.selinuxTypeOptionMenu.append_text(i) if i == self.initialtype: current = n n = n + 1 self.selinuxTypeOptionMenu.set_active(current) self.typeHistory = current return 0
def get_selinux_status(): ''' Get SELinux status information ''' try: import selinux except ImportError: api.report_error( "SELinux Import Error", details="libselinux-python package must be installed.") return outdata = dict({'enabled': selinux.is_selinux_enabled() == 1}) outdata['mls_enabled'] = selinux.is_selinux_mls_enabled() == 1 try: outdata['runtime_mode'] = "enforcing" if selinux.security_getenforce( ) == 1 else "permissive" # FIXME: check selinux_getenforcemode[0] (that should be return value of a underneath function) enforce_mode = selinux.selinux_getenforcemode()[1] if enforce_mode >= 0: outdata[ 'static_mode'] = "enforcing" if enforce_mode == 1 else "permissive" else: outdata['static_mode'] = "disabled" outdata['policy'] = selinux.selinux_getpolicytype()[1] except OSError: # This happens when SELinux is disabled # [Errno 2] No such file or directory outdata['runtime_mode'] = 'permissive' outdata['static_mode'] = 'disabled' outdata['policy'] = 'targeted' return SELinuxFacts(**outdata)
def collect(self, module=None, collected_facts=None): facts_dict = {} selinux_facts = {} # If selinux library is missing, only set the status and selinux_python_present since # there is no way to tell if SELinux is enabled or disabled on the system # without the library. if not HAVE_SELINUX: selinux_facts['status'] = 'Missing selinux Python library' facts_dict['selinux'] = selinux_facts facts_dict['selinux_python_present'] = False return facts_dict # Set a boolean for testing whether the Python library is present facts_dict['selinux_python_present'] = True if not selinux.is_selinux_enabled(): selinux_facts['status'] = 'disabled' else: selinux_facts['status'] = 'enabled' try: selinux_facts['policyvers'] = selinux.security_policyvers() except (AttributeError, OSError): selinux_facts['policyvers'] = 'unknown' try: (rc, configmode) = selinux.selinux_getenforcemode() if rc == 0: selinux_facts['config_mode'] = SELINUX_MODE_DICT.get( configmode, 'unknown') else: selinux_facts['config_mode'] = 'unknown' except (AttributeError, OSError): selinux_facts['config_mode'] = 'unknown' try: mode = selinux.security_getenforce() selinux_facts['mode'] = SELINUX_MODE_DICT.get(mode, 'unknown') except (AttributeError, OSError): selinux_facts['mode'] = 'unknown' try: (rc, policytype) = selinux.selinux_getpolicytype() if rc == 0: selinux_facts['type'] = policytype else: selinux_facts['type'] = 'unknown' except (AttributeError, OSError): selinux_facts['type'] = 'unknown' facts_dict['selinux'] = selinux_facts return facts_dict
def collect(self, module=None, collected_facts=None): facts_dict = {} selinux_facts = {} # If selinux library is missing, only set the status and selinux_python_present since # there is no way to tell if SELinux is enabled or disabled on the system # without the library. if not HAVE_SELINUX: selinux_facts['status'] = 'Missing selinux Python library' facts_dict['selinux'] = selinux_facts facts_dict['selinux_python_present'] = False return facts_dict # Set a boolean for testing whether the Python library is present facts_dict['selinux_python_present'] = True if not selinux.is_selinux_enabled(): selinux_facts['status'] = 'disabled' else: selinux_facts['status'] = 'enabled' try: selinux_facts['policyvers'] = selinux.security_policyvers() except (AttributeError, OSError): selinux_facts['policyvers'] = 'unknown' try: (rc, configmode) = selinux.selinux_getenforcemode() if rc == 0: selinux_facts['config_mode'] = SELINUX_MODE_DICT.get(configmode, 'unknown') else: selinux_facts['config_mode'] = 'unknown' except (AttributeError, OSError): selinux_facts['config_mode'] = 'unknown' try: mode = selinux.security_getenforce() selinux_facts['mode'] = SELINUX_MODE_DICT.get(mode, 'unknown') except (AttributeError, OSError): selinux_facts['mode'] = 'unknown' try: (rc, policytype) = selinux.selinux_getpolicytype() if rc == 0: selinux_facts['type'] = policytype else: selinux_facts['type'] = 'unknown' except (AttributeError, OSError): selinux_facts['type'] = 'unknown' facts_dict['selinux'] = selinux_facts return facts_dict
def collect(self, module=None, collected_facts=None): facts_dict = {} selinux_facts = {} # This is weird. The value of the facts 'selinux' key can be False or a dict if not HAVE_SELINUX: facts_dict['selinux'] = False facts_dict['selinux_python_present'] = False return facts_dict facts_dict['selinux_python_present'] = True if not selinux.is_selinux_enabled(): selinux_facts['status'] = 'disabled' # NOTE: this could just return in the above clause and the rest of this is up an indent -akl else: selinux_facts['status'] = 'enabled' try: selinux_facts['policyvers'] = selinux.security_policyvers() except (AttributeError, OSError): selinux_facts['policyvers'] = 'unknown' try: (rc, configmode) = selinux.selinux_getenforcemode() if rc == 0: selinux_facts['config_mode'] = SELINUX_MODE_DICT.get( configmode, 'unknown') else: selinux_facts['config_mode'] = 'unknown' except (AttributeError, OSError): selinux_facts['config_mode'] = 'unknown' try: mode = selinux.security_getenforce() selinux_facts['mode'] = SELINUX_MODE_DICT.get(mode, 'unknown') except (AttributeError, OSError): selinux_facts['mode'] = 'unknown' try: (rc, policytype) = selinux.selinux_getpolicytype() if rc == 0: selinux_facts['type'] = policytype else: selinux_facts['type'] = 'unknown' except (AttributeError, OSError): selinux_facts['type'] = 'unknown' facts_dict['selinux'] = selinux_facts return facts_dict
def collect(self, module=None, collected_facts=None): facts_dict = {} selinux_facts = {} # This is weird. The value of the facts 'selinux' key can be False or a dict if not HAVE_SELINUX: facts_dict['selinux'] = False facts_dict['selinux_python_present'] = False return facts_dict facts_dict['selinux_python_present'] = True if not selinux.is_selinux_enabled(): selinux_facts['status'] = 'disabled' # NOTE: this could just return in the above clause and the rest of this is up an indent -akl else: selinux_facts['status'] = 'enabled' try: selinux_facts['policyvers'] = selinux.security_policyvers() except (AttributeError, OSError): selinux_facts['policyvers'] = 'unknown' try: (rc, configmode) = selinux.selinux_getenforcemode() if rc == 0: selinux_facts['config_mode'] = SELINUX_MODE_DICT.get(configmode, 'unknown') else: selinux_facts['config_mode'] = 'unknown' except (AttributeError, OSError): selinux_facts['config_mode'] = 'unknown' try: mode = selinux.security_getenforce() selinux_facts['mode'] = SELINUX_MODE_DICT.get(mode, 'unknown') except (AttributeError, OSError): selinux_facts['mode'] = 'unknown' try: (rc, policytype) = selinux.selinux_getpolicytype() if rc == 0: selinux_facts['type'] = policytype else: selinux_facts['type'] = 'unknown' except (AttributeError, OSError): selinux_facts['type'] = 'unknown' facts_dict['selinux'] = selinux_facts return facts_dict