Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: Patch to semanage Date: Thu, 27 Aug 2009 17:39:27 -0400

Redone to match man page and remove reload_policy.

Chad Sellers: This patch adds the dontaudit directive to semanage to enable/disable dontaudit rules in policy.

Signed-off-by: Chad Sellers <csellers@tresys.com>
Daniel J Walsh 2009-08-27 18:10:14 -04:00 committed by Joshua Brindle
parent f3d9262568
commit 5aa2efb8f9
3 changed files with 23 additions and 0 deletions


@ -54,6 +54,7 @@ semanage fcontext -{a|d|m} [-frst] file_spec
semanage translation -{a|d|m} [-T] level
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
semanage permissive -{d|a} type
semanage dontaudit [ on | off ]
Primary Options:
@ -116,6 +117,7 @@ Object-specific Options (see above):
valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
valid_option["fcontext"] = []
valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
valid_option["dontaudit"] = [ '-S', '--store' ]
valid_option["translation"] = []
valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
valid_option["boolean"] = []
@ -346,6 +348,12 @@ Object-specific Options (see above):
target = cmds[0]
if object == "dontaudit":
OBJECT = seobject.dontauditClass(store)
OBJECT.toggle(target)
return
if add:
if object == "login":
OBJECT.add(target, seuser, serange)
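Review bot: The synopsis added in this section, `semanage dontaudit [ on | off ]`, brackets the argument as if it were optional, but the new `if object == "dontaudit":` branch hands `cmds[0]` to `toggle()`, which rejects anything other than "on" or "off". Writing it as `semanage dontaudit { on | off }` would match the brace convention the neighbouring lines use for required alternatives (`-{a|d|m}`); the man page synopsis carries the same brackets. The branch also relies on the enclosing function, which starts and ends outside this hunk, to catch the `ValueError` that `toggle()` raises, so it is worth confirming that its handler covers that type. A short comment above the branch, such as `# dontaudit has no add/modify/delete mode; the single argument is the new state`, would explain why it returns before the add/modify/delete dispatch.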


@ -21,6 +21,8 @@ semanage \- SELinux Policy Management tool
.br
.B semanage permissive \-{a|d} type
.br
.B semanage dontaudit [ on | off ]
.br
.B semanage translation \-{a|d|m} [\-T] level
.P
@ -117,6 +119,8 @@ $ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
$ semanage port -a -t http_port_t -p tcp 81
# Change apache to a permissive domain
$ semanage permissive -a httpd_t
# Turn off dontaudit rules
$ semanage dontaudit off
.fi
.SH "AUTHOR"


@ -315,6 +315,17 @@ class semanageRecords:
self.transaction = False
self.commit()
class dontauditClass(semanageRecords):
def __init__(self, store):
semanageRecords.__init__(self, store)
def toggle(self, dontaudit):
if dontaudit not in [ "on", "off" ]:
raise ValueError(_("dontaudit requires either 'on' or 'off'"))
self.begin()
rc = semanage_set_disable_dontaudit(self.sh, dontaudit == "off")
self.commit()
class permissiveRecords(semanageRecords):
def __init__(self, store):
semanageRecords.__init__(self, store)
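Review bot: In `dontauditClass.toggle`, `rc` is assigned from `semanage_set_disable_dontaudit(...)` and never read, so anything reported through the return value is ignored. If the binding returns nothing (the underlying C function appears to be void, to be confirmed), drop the assignment: `semanage_set_disable_dontaudit(self.sh, dontaudit == "off")`. The second argument is a disable flag, so "off" maps to True; a one-line comment such as `# "off" disables the dontaudit rules, so denials they used to hide are audited` would keep that inversion from being misread. `toggle` also deserves a docstring stating that it accepts only "on" or "off", raises ValueError otherwise, and wraps the change in its own begin()/commit() pair.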