author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-07-03 08:56:47 -0400 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-07-03 08:56:47 -0400 |
commit | 09e934512dc053a96bd7b16c2c95563e055720f7 (patch) | |
tree | e1351268921fb0fc3b64df8d565044df25196930 /tools | |
parent | 9fe65b2fe9323da6583625cde1b2494352207d51 (diff) | |
added selinux support
Diffstat (limited to 'tools')
-rwxr-xr-x | tools/selinux_baseline.py | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/tools/selinux_baseline.py b/tools/selinux_baseline.py
new file mode 100755
index 000000000..6ddc390a3
--- /dev/null
+++ b/tools/selinux_baseline.py
@@ -0,0 +1,51 @@
+#!/usr/bin/env python
+
+import sys
+import logging
+import lxml.etree
+
+import Bcfg2.Logger
+import Bcfg2.Options
+from Bcfg2.Client.Tools.SELinux import *
+
+LOGGER = None
+
+def get_setup():
+ global LOGGER
+ optinfo = Bcfg2.Options.CLIENT_COMMON_OPTIONS
+ setup = Bcfg2.Options.OptionParser(optinfo)
+ setup.parse(sys.argv[1:])
+
+ if setup['args']:
+ print("selinux_baseline.py takes no arguments, only options")
+ print(setup.buildHelpMessage())
+ raise SystemExit(1)
+ level = 30
+ if setup['verbose']:
+ level = 20
+ if setup['debug']:
+ level = 0
+ Bcfg2.Logger.setup_logging('selinux_base',
+ to_syslog=False,
+ level=level,
+ to_file=setup['logging'])
+ LOGGER = logging.getLogger('bcfg2')
+ return setup
+
+def main():
+ setup = get_setup()
+ config = lxml.etree.Element("Configuration")
+ selinux = SELinux(LOGGER, setup, config)
+
+ baseline = lxml.etree.Element("Bundle", name="selinux_baseline")
+ for etype, handler in selinux.handlers.items():
+ baseline.append(lxml.etree.Comment("%s entries" % etype))
+ extra = handler.FindExtra()
+ for entry in extra:
+ entry.tag = "BoundSELinux"
+ baseline.extend(extra)
+
+ print lxml.etree.tostring(baseline, pretty_print=True)
+
+if __name__ == "__main__":
+ sys.exit(main())
 |
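Review bot: The last statement of main() uses the Python 2 print statement, `print lxml.etree.tostring(baseline, pretty_print=True)`, while get_setup() already calls `print(...)` as a function, so the file does not parse under Python 3. Writing it as `print(lxml.etree.tostring(baseline, pretty_print=True))` keeps the two functions consistent. The new script also has no module docstring. I would add one saying that the emitted `selinux_baseline` bundle is built from whatever each handler's FindExtra() reports on the running host (presumably the SELinux state not covered by the empty Configuration element) and that the output should be reviewed before it is committed. Without that review, a host whose policy has already been weakened would have those settings recorded as the intended baseline. Only `SELinux` is used from the wildcard import, so `from Bcfg2.Client.Tools.SELinux import SELinux` would make the dependency explicit.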