This will allow users to specify a single port number and see which
portcons apply. This is more in line with user expectations than the
current exact match behavior. Closes #171.
- Add an iterator to extract the extended permissions rather than
returning only a string
- Add queries for determining if an avrule is extended, and what
type the extended avrule is (e.g. ioctl)
- Removed tests, but should probably revert that change and make sure
they still work
- Fixed some warnings about unsigned/signed comparisons with ebitmaps
- Updates seinfo and sesearch to support new extended avrule changes
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Add updates to seinfo and sesearch to test libqpol updates
added via [1].
Also include extra tests for Xen and xperms. Note, xperms
cannot yet test the extended perms as that needs more work on
libqpol.
[1] 0001-setools-V4-libqpol-policy-V30-updates-xen-xperm-stat.patch
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Makes use simpler. The setools submodules map 1:1 to classes anyway;
the separate modules are simply to ease organization.
Change seinfo to use conditional setter use rather than conditional
instantiation of queries. Note: pylint disable is added because pylint
gets confused by the reuse of the q variable and thinks that q is always
BoolQuery, so it incorrectly reports missing member functions.
Not comprehensive yet. Only planning to do setools pkg (not policyrep),
with the exception being the SELinuxPolicy class in policyrep.
Avoids performance-critical paths. Use only info and debug so in normal
cases the user only sees messages if they ask for it (e.g. -v).
Catch all exceptions in the main bulk of the CLI code. We can't do anything
if there is an exception, so either print the error message from the
exception, or print the traceback if debug is enabled.
There are 3 major changes in this commit:
1/ Setting the default values to None instead of "". Indeed, when --all is
passed to the command line, default values are set to "" making the
'if isinstance(xxx, str)' True, and thus the script takes the wrong
branch.
2/ if/elif/else have been replaced by if/else structure, to enable selection of
multiple switches. Selected component queries are stacked and displayed at
the end.
3/ Like the original seinfo, we append some description strings (info: count +
indented results) to the output.
* Restructure queries to only have one output
* Fix portcon help info to be clearer about specifying ports
* Cover all functions with exception handling