topjohnwu/selinux
1
0
Fork 0
mirror of https://github.com/topjohnwu/selinux.git synced 2024-11-28 14:00:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Ignore selevel/serange if MLS is disabled

Browse Source 
Currently, the selevel/serange values (which are often set on a default
's0' value) are used for ports, users, contexts and logins. This breaks
non-MLS setups.

This patch will only call the necessary mls functions if mls is actually
enabled.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
This commit is contained in:
Sven Vermeulen 2013-12-09 20:23:48 +01:00 committed by Stephen Smalley
parent 1bca9b5964
commit 7d921ed797
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
policycoreutils/semanage/seobject.py
View File

@ -511,7 +511,7 @@ class loginRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not set name for %s") % name) raise ValueError(_("Could not set name for %s") % name)
if serange != "": if (is_mls_enabled == 1) and (serange != ""):
rc = semanage_seuser_set_mlsrange(self.sh, u, serange) rc = semanage_seuser_set_mlsrange(self.sh, u, serange)
if rc < 0: if rc < 0:
raise ValueError(_("Could not set MLS range for %s") % name) raise ValueError(_("Could not set MLS range for %s") % name)
@ -571,7 +571,7 @@ class loginRecords(semanageRecords):
self.oldserange = semanage_seuser_get_mlsrange(u) self.oldserange = semanage_seuser_get_mlsrange(u)
self.oldsename = semanage_seuser_get_sename(u) self.oldsename = semanage_seuser_get_sename(u)
if serange != "": if (is_mls_enabled == 1) and (serange != ""):
semanage_seuser_set_mlsrange(self.sh, u, untranslate(serange)) semanage_seuser_set_mlsrange(self.sh, u, untranslate(serange))
if sename != "": if sename != "":
@ -838,9 +838,9 @@ class seluserRecords(semanageRecords):
if rc >= 0: if rc >= 0:
oldserole = string.join(rlist, ' '); oldserole = string.join(rlist, ' ');
if serange != "": if (is_mls_enabled == 1) and (serange != ""):
semanage_user_set_mlsrange(self.sh, u, untranslate(serange)) semanage_user_set_mlsrange(self.sh, u, untranslate(serange))
if selevel != "": if (is_mls_enabled == 1) and (selevel != ""):
semanage_user_set_mlslevel(self.sh, u, untranslate(selevel)) semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
if prefix != "": if prefix != "":
@ -1058,7 +1058,7 @@ class portRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not set type in port context for %s/%s") % (proto, port)) raise ValueError(_("Could not set type in port context for %s/%s") % (proto, port))
if serange != "": if (is_mls_enabled == 1) and (serange != ""):
rc = semanage_context_set_mls(self.sh, con, serange) rc = semanage_context_set_mls(self.sh, con, serange)
if rc < 0: if rc < 0:
raise ValueError(_("Could not set mls fields in port context for %s/%s") % (proto, port)) raise ValueError(_("Could not set mls fields in port context for %s/%s") % (proto, port))
@ -1104,7 +1104,7 @@ class portRecords(semanageRecords):
con = semanage_port_get_con(p) con = semanage_port_get_con(p)
if serange != "": if (is_mls_enabled == 1) and (serange != ""):
semanage_context_set_mls(self.sh, con, untranslate(serange)) semanage_context_set_mls(self.sh, con, untranslate(serange))
if setype != "": if setype != "":
semanage_context_set_type(self.sh, con, setype) semanage_context_set_type(self.sh, con, setype)
@ -1332,7 +1332,7 @@ class nodeRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not set type in addr context for %s") % addr) raise ValueError(_("Could not set type in addr context for %s") % addr)
if serange != "": if (is_mls_enabled == 1) and (serange != ""):
rc = semanage_context_set_mls(self.sh, con, serange) rc = semanage_context_set_mls(self.sh, con, serange)
if rc < 0: if rc < 0:
raise ValueError(_("Could not set mls fields in addr context for %s") % addr) raise ValueError(_("Could not set mls fields in addr context for %s") % addr)
@ -1378,7 +1378,7 @@ class nodeRecords(semanageRecords):
raise ValueError(_("Could not query addr %s") % addr) raise ValueError(_("Could not query addr %s") % addr)
con = semanage_node_get_con(node) con = semanage_node_get_con(node)
if serange != "": if (is_mls_enabled == 1) and (serange != ""):
semanage_context_set_mls(self.sh, con, untranslate(serange)) semanage_context_set_mls(self.sh, con, untranslate(serange))
if setype != "": if setype != "":
semanage_context_set_type(self.sh, con, setype) semanage_context_set_type(self.sh, con, setype)
@ -1528,7 +1528,7 @@ class interfaceRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not set type in interface context for %s") % interface) raise ValueError(_("Could not set type in interface context for %s") % interface)
if serange != "": if (is_mls_enabled == 1) and (serange != ""):
rc = semanage_context_set_mls(self.sh, con, serange) rc = semanage_context_set_mls(self.sh, con, serange)
if rc < 0: if rc < 0:
raise ValueError(_("Could not set mls fields in interface context for %s") % interface) raise ValueError(_("Could not set mls fields in interface context for %s") % interface)
@ -1574,7 +1574,7 @@ class interfaceRecords(semanageRecords):
con = semanage_iface_get_ifcon(iface) con = semanage_iface_get_ifcon(iface)
if serange != "": if (is_mls_enabled == 1) and (serange != ""):
semanage_context_set_mls(self.sh, con, untranslate(serange)) semanage_context_set_mls(self.sh, con, untranslate(serange))
if setype != "": if setype != "":
semanage_context_set_type(self.sh, con, setype) semanage_context_set_type(self.sh, con, setype)
@ -1828,7 +1828,7 @@ class fcontextRecords(semanageRecords):
if rc < 0: if rc < 0:
raise ValueError(_("Could not set type in file context for %s") % target) raise ValueError(_("Could not set type in file context for %s") % target)
if serange != "": if (is_mls_enabled == 1) and (serange != ""):
rc = semanage_context_set_mls(self.sh, con, serange) rc = semanage_context_set_mls(self.sh, con, serange)
if rc < 0: if rc < 0:
raise ValueError(_("Could not set mls fields in file context for %s") % target) raise ValueError(_("Could not set mls fields in file context for %s") % target)
@ -1884,7 +1884,7 @@ class fcontextRecords(semanageRecords):
if con == None: if con == None:
con = self.createcon(target) con = self.createcon(target)
if serange != "": if (is_mls_enabled == 1) and (serange != ""):
semanage_context_set_mls(self.sh, con, untranslate(serange)) semanage_context_set_mls(self.sh, con, untranslate(serange))
if seuser != "": if seuser != "":
semanage_context_set_user(self.sh, con, seuser) semanage_context_set_user(self.sh, con, seuser)