4:18 ?÷able module %s") % m) self.commit() # Obsolete - "add()" does the same while allowing the user to set priority def modify(self, file): if not os.path.exists(file): raise ValueError(_("Module does not exists %s ") % file) # Priority was left unchanged, default is 400 rc = semanage_module_install_file(self.sh, file) if rc >= 0: self.commit() def delete(self, module, priority): if not module: raise ValueError(_("You did not define module name.")) rc = semanage_set_default_priority(self.sh, priority) if rc < 0: raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority) for m in module.split(): rc = semanage_module_remove(self.sh, m) if rc < 0 and rc != -2: raise ValueError(_("Could not remove module %s (remove failed)") % m) self.commit() def deleteall(self): l = [x[0] for x in [t for t in self.get_all() if t[1] == 0]] for m in l: self.set_enabled(m, True) class dontauditClass(semanageRecords): def __init__(self, store): semanageRecords.__init__(self, store) def toggle(self, dontaudit): if dontaudit not in ["on", "off"]: raise ValueError(_("dontaudit requires either 'on' or 'off'")) self.begin() rc = semanage_set_disable_dontaudit(self.sh, dontaudit == "off") self.commit() class permissiveRecords(semanageRecords): def __init__(self, store): semanageRecords.__init__(self, store) def get_all(self): l = [] (rc, mlist, number) = semanage_module_list(self.sh) if rc < 0: raise ValueError(_("Could not list SELinux modules")) for i in range(number): mod = semanage_module_list_nth(mlist, i) name = semanage_module_get_name(mod) if name and name.startswith("permissive_"): l.append(name.split("permissive_")[1]) return l def list(self, heading=True, locallist=False): ALL = [y["name"] for y in [x for x in sepolicy.info(sepolicy.TYPE) if x["permissive"]]] if len(ALL) == 0: return customized = self.get_all() if heading: print("\n%-25s\n" % (_("Customized Permissive Types"))) for t in customized: print(t) if locallist: return if heading: print("\n%-25s\n" % (_("Builtin Permissive Types"))) for t in ALL: if t not in customized: print(t) def add(self, setype): import glob if setype not in sepolicy.get_all_domains(): raise ValueError(_("%s is not a domain type") % setype ) try: import sepolgen.module as module except ImportError: raise ValueError(_("The sepolgen python module is required to setup permissive domains.\nIn some distributions it is included in the policycoreutils-devel patckage.\n# yum install policycoreutils-devel\nOr similar for your distro.")) name = "permissive_%s" % setype modtxt = "(typepermissive %s)" % setype rc = semanage_module_install(self.sh, modtxt, len(modtxt), name, "cil") if rc >= 0: self.commit() if rc < 0: