RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-02-17 18:16:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

policycoreutils: semanage: output all local modifications

Browse Source 
Introduce a new -o option which will output all local modifications in a
method which can be 're-inputted' on another host.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This commit is contained in:
Eric Paris 2011-07-19 11:38:57 -04:00
parent f3fbc5d6de
commit e25ea71a5b
2 changed files with 37 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
policycoreutils/semanage/semanage
View File

@ -40,6 +40,7 @@ except IOError:
if __name__ == '__main__':
manageditems=[ "boolean", "login", "user", "port", "interface", "node", "fcontext"]
action = False
def set_action(option):
global action
@ -50,6 +51,7 @@ if __name__ == '__main__':
def usage(message = ""):
text = _("""
semanage [ -S store ] -i [ input_file | - ]
semanage [ -S store ] -o [ output_file | - ]
semanage {boolean|login|user|port|interface|node|fcontext} -{l|D} [-n]
semanage login -{a|d|m|D|E} [-sr] login_name | %groupname
@ -68,6 +70,7 @@ Primary Options:
-d, --delete Delete a OBJECT record NAME
-m, --modify Modify a OBJECT record NAME
-i, --input Input multiple semange commands in a transaction
-o, --output Output current customizations as semange commands
-l, --list List the OBJECTS
-E, --extract extract customizable commands
-C, --locallist List OBJECTS local customizations
@ -447,6 +450,7 @@ Object-specific Options (see above):
#
#
try:
output = None
input = None
store = ""
@ -454,7 +458,7 @@ Object-specific Options (see above):
usage(_("Requires 2 or more arguments"))
gopts, cmds = getopt.getopt(sys.argv[1:],
'01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:',
'01adf:i:lhmno:p:s:FCDR:L:r:t:T:P:S:',
['add',
'delete',
'deleteall',
@ -468,6 +472,7 @@ Object-specific Options (see above):
'localist',
'off',
'on',
'output=',
'proto=',
'seuser=',
'store=',
@ -482,6 +487,16 @@ Object-specific Options (see above):
store = a
if o == "-i" or o == '--input':
input = a
if o == "-o" or o == '--output':
output = a
if output != None:
if output != "-":
sys.stdout = open(output, 'w')
for i in manageditems:
print "%s -D" % i
process_args([i, "-E"])
sys.exit(0)
if input != None:
if input == "-":

23
policycoreutils/semanage/semanage.8
View File

@ -3,6 +3,14 @@
semanage \- SELinux Policy Management tool
.SH "SYNOPSIS"
Output local customizations
.br
.B semanage [ -S store ] -o [ output_file | - ]
Input local customizations
.br
.B semanage [ -S store ] -i [ input_file | - ]
.B semanage {boolean|login|user|port|interface|node|fcontext} \-{l|D} [\-n] [\-S store]
.br
.B semanage boolean \-{d|m|D} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file
@ -21,8 +29,6 @@ semanage \- SELinux Policy Management tool
.br
.B semanage permissive \-{a|d} type
.br
.B semanage -i command-file
.br
.B semanage dontaudit [ on | off ]
.P
@ -122,6 +128,19 @@ $ semanage port -a -t http_port_t -p tcp 81
$ semanage permissive -a httpd_t
# Turn off dontaudit rules
$ semanage dontaudit off
.B Managing multiple machines
Multiple machines that need the same customizations.
Extract customizations off first machine, copy them
to second and import them.
# semanage -o /tmp/local.selinux
# scp /tmp/local.selinux secondmachine:/tmp
# ssh secondmachine
# semanage -i /tmp/local.selinux
If these customizations include file context, you need to apply the
context using restorecon.
.fi
.SH "AUTHOR"