author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-04-25 11:18:24 -0400 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-04-25 11:18:31 -0400 |
commit | 92f321fd9ce5301fc2a0fe73f014e7aa721bf6d5 (patch) | |
tree | e8759ce562c1d6f1f04200a35210cf57641e2256 | |
parent | a5f2babaf3ba298cac7f9babdf9b568f26d71a58 (diff) | |
SELinux: added MLS ranges to all entries that support them
-rw-r--r-- | schemas/selinux.xsd | 42 | ||||
-rw-r--r-- | src/lib/Bcfg2/Client/Tools/SELinux.py | 20 |
2 files changed, 54 insertions, 8 deletions
diff --git a/schemas/selinux.xsd b/schemas/selinux.xsd
index 760953e34..3651549f5 100644
--- a/schemas/selinux.xsd
+++ b/schemas/selinux.xsd
@@ -80,6 +80,13 @@
 </xsd:documentation>
 </xsd:annotation>
 </xsd:attribute>
+ <xsd:attribute type="xsd:token" name="mlsrange">
+ <xsd:annotation>
+ <xsd:documentation>
+ SELinux MLS range to apply to this port
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
 <xsd:attributeGroup ref="py:genshiAttrs"/>
 </xsd:complexType>
@@ -127,6 +134,13 @@
 </xsd:documentation>
 </xsd:annotation>
 </xsd:attribute>
+ <xsd:attribute type="xsd:token" name="mlsrange">
+ <xsd:annotation>
+ <xsd:documentation>
+ SELinux MLS range to apply to files matching this specification
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
 <xsd:attributeGroup ref="py:genshiAttrs"/>
 </xsd:complexType>
@@ -157,6 +171,13 @@
 </xsd:documentation>
 </xsd:annotation>
 </xsd:attribute>
+ <xsd:attribute type="xsd:token" name="mlsrange">
+ <xsd:annotation>
+ <xsd:documentation>
+ SELinux MLS range to apply to this node
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
 <xsd:attributeGroup ref="py:genshiAttrs"/>
 </xsd:complexType>
@@ -205,6 +226,13 @@
 </xsd:documentation>
 </xsd:annotation>
 </xsd:attribute>
+ <xsd:attribute type="xsd:token" name="mlsrange">
+ <xsd:annotation>
+ <xsd:documentation>
+ SELinux MLS range to apply to this user
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
 <xsd:attributeGroup ref="py:genshiAttrs"/>
 </xsd:complexType>
@@ -235,6 +263,13 @@
 </xsd:documentation>
 </xsd:annotation>
 </xsd:attribute>
+ <xsd:attribute type="xsd:token" name="mlsrange">
+ <xsd:annotation>
+ <xsd:documentation>
+ SELinux MLS range to apply to this user
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
 <xsd:attributeGroup ref="py:genshiAttrs"/>
 </xsd:complexType>
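Review bot: The same seven-line `mlsrange` attribute block is pasted verbatim into five complex types here (and a sixth in the next hunk), so any later constraint on the value has to be repeated six times; declaring it once as a named simple type (`<xsd:simpleType name="MLSRangeType"><xsd:restriction base="xsd:token"/></xsd:simpleType>`) and using `type="MLSRangeType"` in each attribute keeps it in one place. The documentation text for the hunks at -205 and -235 is identical ("SELinux MLS range to apply to this user"); judging by the order of the Python handler changes (port, fcontext, node, login, user, interface) the first of them is likely the login-mapping type and should read `SELinux MLS range to apply to this login mapping` — confirm against the element names above each hunk. `xsd:token` accepts any string, so a typo is only caught when the client hands the value to the policy tool; the documentation should say the value is passed through unchanged as a raw range such as `s0-s15:c0.c1023` (or a setrans-translated name where that is configured), which is also why a strict pattern is not advisable here.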
@@ -258,6 +293,13 @@
 </xsd:documentation>
 </xsd:annotation>
 </xsd:attribute>
+ <xsd:attribute type="xsd:token" name="mlsrange">
+ <xsd:annotation>
+ <xsd:documentation>
+ SELinux MLS range to apply to this interface
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
 <xsd:attributeGroup ref="py:genshiAttrs"/>
 </xsd:complexType>
diff --git a/src/lib/Bcfg2/Client/Tools/SELinux.py b/src/lib/Bcfg2/Client/Tools/SELinux.py
index 19d3fa6fc..0b4aba60d 100644
--- a/src/lib/Bcfg2/Client/Tools/SELinux.py
+++ b/src/lib/Bcfg2/Client/Tools/SELinux.py
@@ -500,7 +500,8 @@ class SELinuxSeportHandler(SELinuxEntryHandler):
 def _defaultargs(self, entry):
 """ argument list for adding and modifying entries """
 (port, proto) = entry.get("name").split("/")
- return (port, proto, '', entry.get("selinuxtype"))
+ return (port, proto, entry.get("mlsrange", ""),
+ entry.get("selinuxtype"))
 def _deleteargs(self, entry):
 return tuple(entry.get("name").split("/"))
@@ -573,7 +574,7 @@ class SELinuxSefcontextHandler(SELinuxEntryHandler):
 """ argument list for adding, modifying, and deleting entries """
 return (entry.get("name"), entry.get("selinuxtype"),
 self.filetypeargs[entry.get("filetype", "all")],
- '', '')
+ entry.get("mlsrange", ""), '')
 def primarykey(self, entry):
 return ":".join([entry.tag, entry.get("name"),
@@ -608,7 +609,7 @@ class SELinuxSenodeHandler(SELinuxEntryHandler):
 def _defaultargs(self, entry):
 """ argument list for adding, modifying, and deleting entries """
 (addr, netmask) = entry.get("name").split("/")
- return (addr, netmask, entry.get("proto"), "",
+ return (addr, netmask, entry.get("proto"), entry.get("mlsrange", ""),
 entry.get("selinuxtype"))
@@ -620,7 +621,8 @@ class SELinuxSeloginHandler(SELinuxEntryHandler):
 def _defaultargs(self, entry):
 """ argument list for adding, modifying, and deleting entries """
- return (entry.get("name"), entry.get("selinuxuser"), "")
+ return (entry.get("name"), entry.get("selinuxuser"),
+ entry.get("mlsrange", ""))
 class SELinuxSeuserHandler(SELinuxEntryHandler):
@@ -660,15 +662,16 @@ class SELinuxSeuserHandler(SELinuxEntryHandler):
 # prefix. see the comment in Install() above for more
 # details.
 rv = [entry.get("name"),
- entry.get("roles", "").replace(" ", ",").split(",")]
+ entry.get("roles", "").replace(" ", ",").split(","),
+ '', entry.get("mlsrange", "")]
 if self.needs_prefix:
- rv.extend(['', '', entry.get("prefix")])
+ rv.append(entry.get("prefix"))
 else:
 key = self._key(entry)
 if key in self.all_records:
 attrs = self._key2attrs(key)
 if attrs['prefix'] != entry.get("prefix"):
- rv.extend(['', '', entry.get("prefix")])
+ rv.append(entry.get("prefix"))
 return tuple(rv)
@@ -680,7 +683,8 @@ class SELinuxSeinterfaceHandler(SELinuxEntryHandler):
 def _defaultargs(self, entry):
 """ argument list for adding, modifying, and deleting entries """
- return (entry.get("name"), '', entry.get("selinuxtype"))
+ return (entry.get("name"), entry.get("mlsrange", ""),
+ entry.get("selinuxtype"))
 class SELinuxSepermissiveHandler(SELinuxEntryHandler): |
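Review bot: The literal `''` that the seuser hunk now always places between the roles list and `entry.get("mlsrange", "")` is an undocumented positional slot; going by the old `rv.extend(['', '', entry.get("prefix")])` it is presumably the user's default MLS level, so an entry can now declare a range but never the level that goes with it. If the underlying records API substitutes a fixed default for an empty level (s0 is the usual choice), a range whose low end is above that default yields a level outside the declared range; either expose it — `entry.get("mlslevel", ""), entry.get("mlsrange", "")]` with a matching schema attribute — or at least name the slot, e.g. `'',  # default MLS level: left to the policy tool's default`. Note too that an entry without `mlsrange` now passes `""`, which on the modify path presumably means "leave the current range alone", so a clearance that was widened locally is not reverted unless the verify step (outside this hunk) compares the range; worth confirming. The enclosing method starts before this hunk.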