semanage_migrate_store: switch to space indentation

The script used both tabs and spaces to indent the code, using a tab
length of 8 (in calls to parser.add_option(...)). Make the code more
readable by using spaces for indentation everywhere.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Nicolas Iooss 2018-12-19 23:13:20 +01:00 committed by Petr Lautrbach
parent cc6d99db4e
commit 0c02ae1cd8


@ -10,287 +10,287 @@ from optparse import OptionParser
try: try:
import selinux import selinux
import semanage import semanage
except ImportError: except ImportError:
print("You must install libselinux-python and libsemanage-python before running this tool", file=sys.stderr) print("You must install libselinux-python and libsemanage-python before running this tool", file=sys.stderr)
exit(1) exit(1)
def copy_file(src, dst): def copy_file(src, dst):
if DEBUG: if DEBUG:
print("copying %s to %s" % (src, dst)) print("copying %s to %s" % (src, dst))
try: try:
shutil.copy(src, dst) shutil.copy(src, dst)
except OSError as the_err: except OSError as the_err:
(err, strerr) = the_err.args (err, strerr) = the_err.args
print("Could not copy %s to %s, %s" % (src, dst, strerr), file=sys.stderr) print("Could not copy %s to %s, %s" % (src, dst, strerr), file=sys.stderr)
exit(1) exit(1)
def create_dir(dst, mode): def create_dir(dst, mode):
if DEBUG: if DEBUG:
print("Making directory %s" % dst) print("Making directory %s" % dst)
try: try:
os.makedirs(dst, mode) os.makedirs(dst, mode)
except OSError as the_err: except OSError as the_err:
(err, stderr) = the_err.args (err, stderr) = the_err.args
if err == errno.EEXIST: if err == errno.EEXIST:
pass pass
else: else:
print("Error creating %s" % dst, file=sys.stderr) print("Error creating %s" % dst, file=sys.stderr)
exit(1) exit(1)
def create_file(dst): def create_file(dst):
if DEBUG: if DEBUG:
print("Making file %s" % dst) print("Making file %s" % dst)
try: try:
open(dst, 'a').close() open(dst, 'a').close()
except OSError as the_err: except OSError as the_err:
(err, stderr) = the_err.args (err, stderr) = the_err.args
print("Error creating %s" % dst, file=sys.stderr) print("Error creating %s" % dst, file=sys.stderr)
exit(1) exit(1)
def copy_module(store, name, base): def copy_module(store, name, base):
if DEBUG: if DEBUG:
print("Install module %s" % name) print("Install module %s" % name)
(file, ext) = os.path.splitext(name) (file, ext) = os.path.splitext(name)
if ext != ".pp": if ext != ".pp":
# Stray non-pp file in modules directory, skip # Stray non-pp file in modules directory, skip
print("warning: %s has invalid extension, skipping" % name, file=sys.stderr) print("warning: %s has invalid extension, skipping" % name, file=sys.stderr)
return return
try: try:
if base: if base:
root = oldstore_path(store) root = oldstore_path(store)
else: else:
root = oldmodules_path(store) root = oldmodules_path(store)
bottomdir = bottomdir_path(store) bottomdir = bottomdir_path(store)
os.mkdir("%s/%s" % (bottomdir, file)) os.mkdir("%s/%s" % (bottomdir, file))
copy_file(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file)) copy_file(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file))
# This is the ext file that will eventually be used to choose a compiler # This is the ext file that will eventually be used to choose a compiler
efile = open("%s/%s/lang_ext" % (bottomdir, file), "w+", 0o600) efile = open("%s/%s/lang_ext" % (bottomdir, file), "w+", 0o600)
efile.write("pp") efile.write("pp")
efile.close() efile.close()
except (IOError, OSError): except (IOError, OSError):
print("Error installing module %s" % name, file=sys.stderr) print("Error installing module %s" % name, file=sys.stderr)
exit(1) exit(1)
def disable_module(file, name, disabledmodules): def disable_module(file, name, disabledmodules):
if DEBUG: if DEBUG:
print("Disabling %s" % name) print("Disabling %s" % name)
(disabledname, disabledext) = os.path.splitext(file) (disabledname, disabledext) = os.path.splitext(file)
create_file("%s/%s" % (disabledmodules, disabledname)) create_file("%s/%s" % (disabledmodules, disabledname))
def migrate_store(store): def migrate_store(store):
oldstore = oldstore_path(store) oldstore = oldstore_path(store)
oldmodules = oldmodules_path(store) oldmodules = oldmodules_path(store)
disabledmodules = disabledmodules_path(store) disabledmodules = disabledmodules_path(store)
newstore = newstore_path(store) newstore = newstore_path(store)
newmodules = newmodules_path(store) newmodules = newmodules_path(store)
bottomdir = bottomdir_path(store) bottomdir = bottomdir_path(store)
print("Migrating from %s to %s" % (oldstore, newstore)) print("Migrating from %s to %s" % (oldstore, newstore))
# Build up new directory structure # Build up new directory structure
create_dir("%s/%s" % (newroot_path(), store), 0o755) create_dir("%s/%s" % (newroot_path(), store), 0o755)
create_dir(newstore, 0o700) create_dir(newstore, 0o700)
create_dir(newmodules, 0o700) create_dir(newmodules, 0o700)
create_dir(bottomdir, 0o700) create_dir(bottomdir, 0o700)
create_dir(disabledmodules, 0o700) create_dir(disabledmodules, 0o700)
# Special case for base since it was in a different location # Special case for base since it was in a different location
copy_module(store, "base.pp", 1) copy_module(store, "base.pp", 1)
# Dir structure built, start copying files # Dir structure built, start copying files
for root, dirs, files in os.walk(oldstore): for root, dirs, files in os.walk(oldstore):
if root == oldstore: if root == oldstore:
# This is the top level directory, need to move # This is the top level directory, need to move
for name in files: for name in files:
# Check to see if it is in TOPPATHS and copy if so # Check to see if it is in TOPPATHS and copy if so
if name in TOPPATHS: if name in TOPPATHS:
if name == "seusers": if name == "seusers":
newname = "seusers.local" newname = "seusers.local"
else: else:
newname = name newname = name
copy_file(os.path.join(root, name), os.path.join(newstore, newname)) copy_file(os.path.join(root, name), os.path.join(newstore, newname))
elif root == oldmodules: elif root == oldmodules:
# This should be the modules directory # This should be the modules directory
for name in files: for name in files:
(file, ext) = os.path.splitext(name) (file, ext) = os.path.splitext(name)
if name == "base.pp": if name == "base.pp":
print("Error installing module %s, name conflicts with base" % name, file=sys.stderr) print("Error installing module %s, name conflicts with base" % name, file=sys.stderr)
exit(1) exit(1)
elif ext == ".disabled": elif ext == ".disabled":
disable_module(file, name, disabledmodules) disable_module(file, name, disabledmodules)
else: else:
copy_module(store, name, 0) copy_module(store, name, 0)
def rebuild_policy(): def rebuild_policy():
# Ok, the modules are loaded, lets try to rebuild the policy # Ok, the modules are loaded, lets try to rebuild the policy
print("Attempting to rebuild policy from %s" % newroot_path()) print("Attempting to rebuild policy from %s" % newroot_path())
curstore = selinux.selinux_getpolicytype()[1] curstore = selinux.selinux_getpolicytype()[1]
handle = semanage.semanage_handle_create() handle = semanage.semanage_handle_create()
if not handle: if not handle:
print("Could not create semanage handle", file=sys.stderr) print("Could not create semanage handle", file=sys.stderr)
exit(1) exit(1)
semanage.semanage_select_store(handle, curstore, semanage.SEMANAGE_CON_DIRECT) semanage.semanage_select_store(handle, curstore, semanage.SEMANAGE_CON_DIRECT)
if not semanage.semanage_is_managed(handle): if not semanage.semanage_is_managed(handle):
semanage.semanage_handle_destroy(handle) semanage.semanage_handle_destroy(handle)
print("SELinux policy is not managed or store cannot be accessed.", file=sys.stderr) print("SELinux policy is not managed or store cannot be accessed.", file=sys.stderr)
exit(1) exit(1)
rc = semanage.semanage_access_check(handle) rc = semanage.semanage_access_check(handle)
if rc < semanage.SEMANAGE_CAN_WRITE: if rc < semanage.SEMANAGE_CAN_WRITE:
semanage.semanage_handle_destroy(handle) semanage.semanage_handle_destroy(handle)
print("Cannot write to policy store.", file=sys.stderr) print("Cannot write to policy store.", file=sys.stderr)
exit(1) exit(1)
rc = semanage.semanage_connect(handle) rc = semanage.semanage_connect(handle)
if rc < 0: if rc < 0:
semanage.semanage_handle_destroy(handle) semanage.semanage_handle_destroy(handle)
print("Could not establish semanage connection", file=sys.stderr) print("Could not establish semanage connection", file=sys.stderr)
exit(1) exit(1)
semanage.semanage_set_rebuild(handle, 1) semanage.semanage_set_rebuild(handle, 1)
rc = semanage.semanage_begin_transaction(handle) rc = semanage.semanage_begin_transaction(handle)
if rc < 0: if rc < 0:
semanage.semanage_handle_destroy(handle) semanage.semanage_handle_destroy(handle)
print("Could not begin transaction", file=sys.stderr) print("Could not begin transaction", file=sys.stderr)
exit(1) exit(1)
rc = semanage.semanage_commit(handle) rc = semanage.semanage_commit(handle)
if rc < 0: if rc < 0:
print("Could not commit transaction", file=sys.stderr) print("Could not commit transaction", file=sys.stderr)
semanage.semanage_handle_destroy(handle) semanage.semanage_handle_destroy(handle)
def oldroot_path(): def oldroot_path():
return "%s/etc/selinux" % ROOT return "%s/etc/selinux" % ROOT
def oldstore_path(store): def oldstore_path(store):
return "%s/%s/modules/active" % (oldroot_path(), store) return "%s/%s/modules/active" % (oldroot_path(), store)
def oldmodules_path(store): def oldmodules_path(store):
return "%s/modules" % oldstore_path(store) return "%s/modules" % oldstore_path(store)
def disabledmodules_path(store): def disabledmodules_path(store):
return "%s/disabled" % newmodules_path(store) return "%s/disabled" % newmodules_path(store)
def newroot_path(): def newroot_path():
return "%s%s" % (ROOT, PATH) return "%s%s" % (ROOT, PATH)
def newstore_path(store): def newstore_path(store):
return "%s/%s/active" % (newroot_path(), store) return "%s/%s/active" % (newroot_path(), store)
def newmodules_path(store): def newmodules_path(store):
return "%s/modules" % newstore_path(store) return "%s/modules" % newstore_path(store)
def bottomdir_path(store): def bottomdir_path(store):
return "%s/%s" % (newmodules_path(store), PRIORITY) return "%s/%s" % (newmodules_path(store), PRIORITY)
if __name__ == "__main__": if __name__ == "__main__":
parser = OptionParser() parser = OptionParser()
parser.add_option("-p", "--priority", dest="priority", default="100", parser.add_option("-p", "--priority", dest="priority", default="100",
help="Set priority of modules in new store (default: 100)") help="Set priority of modules in new store (default: 100)")
parser.add_option("-s", "--store", dest="store", default=None, parser.add_option("-s", "--store", dest="store", default=None,
help="Store to read from and write to") help="Store to read from and write to")
parser.add_option("-d", "--debug", dest="debug", action="store_true", default=False, parser.add_option("-d", "--debug", dest="debug", action="store_true", default=False,
help="Output debug information") help="Output debug information")
parser.add_option("-c", "--clean", dest="clean", action="store_true", default=False, parser.add_option("-c", "--clean", dest="clean", action="store_true", default=False,
help="Clean old modules directory after migrate (default: no)") help="Clean old modules directory after migrate (default: no)")
parser.add_option("-n", "--norebuild", dest="norebuild", action="store_true", default=False, parser.add_option("-n", "--norebuild", dest="norebuild", action="store_true", default=False,
help="Disable rebuilding policy after migration (default: no)") help="Disable rebuilding policy after migration (default: no)")
parser.add_option("-P", "--path", dest="path", parser.add_option("-P", "--path", dest="path",
help="Set path for the policy store (default: /var/lib/selinux)") help="Set path for the policy store (default: /var/lib/selinux)")
parser.add_option("-r", "--root", dest="root", parser.add_option("-r", "--root", dest="root",
help="Set an alternative root for the migration (default: /)") help="Set an alternative root for the migration (default: /)")
(options, args) = parser.parse_args() (options, args) = parser.parse_args()
DEBUG = options.debug DEBUG = options.debug
PRIORITY = options.priority PRIORITY = options.priority
TYPE = options.store TYPE = options.store
CLEAN = options.clean CLEAN = options.clean
NOREBUILD = options.norebuild NOREBUILD = options.norebuild
PATH = options.path PATH = options.path
if PATH is None: if PATH is None:
PATH = "/var/lib/selinux" PATH = "/var/lib/selinux"
ROOT = options.root ROOT = options.root
if ROOT is None: if ROOT is None:
ROOT = "" ROOT = ""
# List of paths that go in the active 'root' # List of paths that go in the active 'root'
TOPPATHS = [ TOPPATHS = [
"commit_num", "commit_num",
"ports.local", "ports.local",
"interfaces.local", "interfaces.local",
"nodes.local", "nodes.local",
"booleans.local", "booleans.local",
"file_contexts.local", "file_contexts.local",
"seusers", "seusers",
"users.local", "users.local",
"users_extra", "users_extra",
"users_extra.local", "users_extra.local",
"disable_dontaudit", "disable_dontaudit",
"preserve_tunables", "preserve_tunables",
"policy.kern", "policy.kern",
"file_contexts", "file_contexts",
"homedir_template", "homedir_template",
"pkeys.local", "pkeys.local",
"ibendports.local"] "ibendports.local"]
create_dir(newroot_path(), 0o755) create_dir(newroot_path(), 0o755)
stores = None stores = None
if TYPE is not None: if TYPE is not None:
stores = [TYPE] stores = [TYPE]
else: else:
stores = os.listdir(oldroot_path()) stores = os.listdir(oldroot_path())
# find stores in oldroot and migrate them to newroot if necessary # find stores in oldroot and migrate them to newroot if necessary
for store in stores: for store in stores:
if not os.path.isdir(oldmodules_path(store)): if not os.path.isdir(oldmodules_path(store)):
# already migrated or not an selinux store # already migrated or not an selinux store
continue continue
if os.path.isdir(newstore_path(store)): if os.path.isdir(newstore_path(store)):
# store has already been migrated, but old modules dir still exits # store has already been migrated, but old modules dir still exits
print("warning: Policy type %s has already been migrated, but modules still exist in the old store. Skipping store." % store, file=sys.stderr) print("warning: Policy type %s has already been migrated, but modules still exist in the old store. Skipping store." % store, file=sys.stderr)
continue continue
migrate_store(store) migrate_store(store)
if CLEAN is True: if CLEAN is True:
def remove_error(function, path, execinfo): def remove_error(function, path, execinfo):
print("warning: Unable to remove old store modules directory %s. Cleaning failed." % oldmodules_path(store), file=sys.stderr) print("warning: Unable to remove old store modules directory %s. Cleaning failed." % oldmodules_path(store), file=sys.stderr)
shutil.rmtree(oldmodules_path(store), onerror=remove_error) shutil.rmtree(oldmodules_path(store), onerror=remove_error)
if NOREBUILD is False: if NOREBUILD is False:
rebuild_policy() rebuild_policy()