Author: Daniel J Walsh

Email: dwalsh@redhat.com Subject: Remove setrans management from semanage Date: Wed, 30 Sep 2009 14:07:49 -0400 This will not work correctly using the current mcstrans code base. I believe an admin has to edit this code directly and probably should have never been added to semanage. Signed-off-by: Chad Sellers <csellers@tresys.com>
2024-12-28 08:52:05 +00:00 · 2009-11-10 17:35:20 -05:00 · 2009-11-10 17:35:20 -05:00 · b946922238
commit b946922238
parent 08de9ab134
3 changed files with 3 additions and 110 deletions
--- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage
@ -44,14 +44,13 @@ if __name__ == '__main__':
               text = _("""
 semanage [ -S store ] -i [ input_file | - ]

-semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n]
+semanage {boolean|login|user|port|interface|node|fcontext} -{l|D} [-n]
 semanage login -{a|d|m} [-sr] login_name | %groupname
 semanage user -{a|d|m} [-LrRP] selinux_name
 semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
 semanage interface -{a|d|m} [-tr] interface_spec
 semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
 semanage fcontext -{a|d|m} [-frst] file_spec
-semanage translation -{a|d|m} [-T] level
 semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
 semanage permissive -{d|a} type
 semanage dontaudit [ on | off ]
@ -88,8 +87,6 @@ Object-specific Options (see above):
 	-P, --prefix     Prefix for home directory labeling
 	-L, --level      Default SELinux Level (MLS/MCS Systems only)
 	-R, --roles      SELinux Roles (ex: "sysadm_r staff_r")
-	-T, --trans      SELinux Level Translation (MLS/MCS Systems only)
-
 	-s, --seuser     SELinux User Name
 	-t, --type       SELinux Type for the object
 	-r, --range      MLS/MCS Security Range (MLS/MCS Systems only)
@ -118,8 +115,6 @@ Object-specific Options (see above):
 		valid_option["fcontext"] = []
 		valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser',  '-t', '--type', '-r', '--range'] 
 		valid_option["dontaudit"] = [ '-S', '--store' ]
-		valid_option["translation"] = []
-		valid_option["translation"] += valid_everyone + [ '-T', '--trans' ] 
 		valid_option["boolean"] = []
 		valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"] 
 		valid_option["permissive"] = []
@ -180,7 +175,6 @@ Object-specific Options (see above):
 		selevel = ""
 		setype = ""
 		ftype = ""
-		setrans = ""
 		roles = ""
 		seuser = ""
 		prefix = "user"
@ -203,7 +197,7 @@ Object-specific Options (see above):
 		args = argv[1:]

 		gopts, cmds = getopt.getopt(args,
-					    '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:M:',
+					    '01adf:i:lhmnp:s:FCDR:L:r:t:P:S:M:',
 					    ['add',
 					     'delete',
 					     'deleteall',
@ -225,7 +219,6 @@ Object-specific Options (see above):
 					     'level=',
 					     'roles=',
 					     'type=',
-					     'trans=',
 					     'prefix=',
                                             'mask='
 					     ])
@ -297,9 +290,6 @@ Object-specific Options (see above):
 			if o == "-t" or o == "--type":
 				setype = a

-			if o == "-T" or o == "--trans":
-				setrans = a
-
                        if o == "--on" or o == "-1":
                               value = "on"
                        if o == "--off" or o == "-0":
@ -326,9 +316,6 @@ Object-specific Options (see above):
 		if object == "boolean":
 			OBJECT = seobject.booleanRecords(store)
 		
-		if object == "translation":
-			OBJECT = seobject.setransRecords()
-		
 		if object == "permissive":
 			OBJECT = seobject.permissiveRecords(store)
 		
@ -358,9 +345,6 @@ Object-specific Options (see above):
 			if object == "login":
 				OBJECT.add(target, seuser, serange)

-			if object == "translation":
-				OBJECT.add(target, setrans)
-
 			if object == "user":
 				OBJECT.add(target, roles.split(), selevel, serange, prefix)

@ -387,9 +371,6 @@ Object-specific Options (see above):
 			if object == "login":
 				OBJECT.modify(target, seuser, serange)

-			if object == "translation":
-				OBJECT.modify(target, setrans)
-
 			if object == "user":
 				rlist = roles.split()
 				OBJECT.modify(target, rlist, selevel, serange, prefix)
@ -457,7 +438,6 @@ Object-specific Options (see above):
                                            'level=',
                                            'roles=',
                                            'type=',
-                                            'trans=',
                                            'prefix='
                                            ])
               for o, a in gopts:
--- a/policycoreutils/semanage/semanage.8
+++ b/policycoreutils/semanage/semanage.8
@ -3,7 +3,7 @@
 semanage \- SELinux Policy Management tool

 .SH "SYNOPSIS"
-.B semanage {boolean|login|user|port|interface|node|fcontext|translation} \-{l|D} [\-n] [\-S store]
+.B semanage {boolean|login|user|port|interface|node|fcontext} \-{l|D} [\-n] [\-S store]
 .br
 .B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file
 .br
@ -22,8 +22,6 @@ semanage \- SELinux Policy Management tool
 .B semanage permissive \-{a|d} type
 .br
 .B semanage dontaudit [ on | off ]
-.br
-.B semanage translation \-{a|d|m} [\-T] level
 .P

 .SH "DESCRIPTION"
@ -101,9 +99,6 @@ Select and alternate SELinux store to manage
 .TP
 .I                \-t, \-\-type       
 SELinux Type for the object
-.TP
-.I                \-T, \-\-trans
-SELinux Translation

 .SH EXAMPLE
 .nf
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@ -195,88 +195,6 @@ def untranslate(trans, prepend = 1):
 	else:
 		return raw
 	
-class setransRecords:
-	def __init__(self):
-		self.filename = selinux.selinux_translations_path()
-		try:
-			fd = open(self.filename, "r")
-			translations = fd.readlines()
-			fd.close()
-		except IOError, e:
-			raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines: %s") % (self.filename, e) )
-			
-		self.ddict = {}
-		self.comments = []
-		for r in translations:
-			if len(r) == 0:
-				continue
-			i = r.strip()
-			if i == "" or i[0] == "#":
-				self.comments.append(r)
-				continue
-			i = i.split("=")
-			if len(i) != 2:
-				self.comments.append(r)
-				continue
-                        if self.ddict.has_key(i[0]) == 0:
-                               self.ddict[i[0]] = i[1]
-
-	def get_all(self):
-		return self.ddict
-
-	def out(self):
-		rec = ""
-		for c in self.comments:
-			rec += c
-		keys = self.ddict.keys()
-		keys.sort()
-		for k in keys:
-			rec += "%s=%s\n" %  (k, self.ddict[k])
-		return rec
-	
-	def list(self, heading = 1, locallist = 0):
-		if heading:
-			print "\n%-25s %s\n" % (_("Level"), _("Translation"))
-		keys = self.ddict.keys()
-		keys.sort()
-		for k in keys:
-			print "%-25s %s" % (k, self.ddict[k])
-		
-	def add(self, raw, trans):
-		if trans.find(" ") >= 0:
-			raise ValueError(_("Translations can not contain spaces '%s' ") % trans)
-
-		if validate_level(raw) == None:
-			raise ValueError(_("Invalid Level '%s' ") % raw)
-		
-		if self.ddict.has_key(raw):
-			raise ValueError(_("%s already defined in translations") % raw)
-		else:
-			self.ddict[raw] = trans
-		self.save()
-	
-	def modify(self, raw, trans):
-		if trans.find(" ") >= 0:
-
-			raise ValueError(_("Translations can not contain spaces '%s' ") % trans)
-		if self.ddict.has_key(raw):
-			self.ddict[raw] = trans
-		else:
-			raise ValueError(_("%s not defined in translations") % raw)
-		self.save()
-		
-	def delete(self, raw):
-		self.ddict.pop(raw)
-		self.save()
-
-	def save(self):
-		(fd, newfilename) = tempfile.mkstemp('', self.filename)
-		os.write(fd, self.out())
-		os.close(fd)
-		os.chmod(newfilename, os.stat(self.filename)[stat.ST_MODE])
-		os.rename(newfilename, self.filename)
-                os.system("/sbin/service mcstrans reload > /dev/null")
-
 class semanageRecords:
 	def __init__(self, store):
               global handle