From patchwork Wed Dec 19 22:13:18 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 10738239 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BFCC9924 for ; Wed, 19 Dec 2018 22:14:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B10EB284E4 for ; Wed, 19 Dec 2018 22:14:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A52ED284EE; Wed, 19 Dec 2018 22:14:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C389B284E4 for ; Wed, 19 Dec 2018 22:14:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728135AbeLSWOJ (ORCPT ); Wed, 19 Dec 2018 17:14:09 -0500 Received: from mx3.polytechnique.org ([91.121.62.107]:54425 "EHLO mx3.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725294AbeLSWOJ (ORCPT ); Wed, 19 Dec 2018 17:14:09 -0500 Received: from localhost.localdomain (89-156-252-9.rev.numericable.fr [89.156.252.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 4823A1E4D29 for ; Wed, 19 Dec 2018 23:14:07 +0100 (CET) 
From: Nicolas Iooss To: selinux@vger.kernel.org Subject: [PATCH 1/3] semanage_migrate_store: fix many Python linter warnings Date: Wed, 19 Dec 2018 23:13:18 +0100 Message-Id: <20181219221320.8594-1-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.19.1 MIME-Version: 1.0 X-AV-Checked: ClamAV using ClamSMTP at mx3.polytechnique.org (Wed Dec 19 23:14:07 2018 +0100 (CET)) X-Org-Mail: nicolas.iooss.2010@polytechnique.org Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP flake8 reports many warnings on script semanage_migrate_store: E225 missing whitespace around operator E302 expected 2 blank lines, found 1 E701 multiple statements on one line (colon) E703 statement ends with a semicolon E722 do not use bare 'except' ... Fix some of them in order to reduce the noise. Signed-off-by: Nicolas Iooss --- This patch is needed to prepare making scripts/run-flake8 analyze Python scripts with names that do not end with ".py". libsemanage/utils/semanage_migrate_store | 40 +++++++++++++++--------- 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store index b789d0424541..7b5bee819e24 100755 --- a/libsemanage/utils/semanage_migrate_store +++ b/libsemanage/utils/semanage_migrate_store @@ -27,12 +27,13 @@ def copy_file(src, dst): shutil.copy(src, dst) except OSError as the_err: (err, strerr) = the_err.args - print("Could not copy %s to %s, %s" %(src, dst, strerr), file=sys.stderr) + print("Could not copy %s to %s, %s" % (src, dst, strerr), file=sys.stderr) exit(1) def create_dir(dst, mode): - if DEBUG: print("Making directory %s" % dst) + if DEBUG: + print("Making directory %s" % dst) try: os.makedirs(dst, mode) except OSError as the_err: 
@@ -45,7 +46,8 @@ def create_dir(dst, mode): def create_file(dst): - if DEBUG: print("Making file %s" % dst) + if DEBUG: + print("Making file %s" % dst) try: open(dst, 'a').close() except OSError as the_err: @@ -55,7 +57,8 @@ def create_file(dst): def copy_module(store, name, base): - if DEBUG: print("Install module %s" % name) + if DEBUG: + print("Install module %s" % name) (file, ext) = os.path.splitext(name) if ext != ".pp": # Stray non-pp file in modules directory, skip @@ -78,24 +81,25 @@ def copy_module(store, name, base): efile.write("pp") efile.close() - except: + except (IOError, OSError): print("Error installing module %s" % name, file=sys.stderr) exit(1) def disable_module(file, name, disabledmodules): - if DEBUG: print("Disabling %s" % name) + if DEBUG: + print("Disabling %s" % name) (disabledname, disabledext) = os.path.splitext(file) create_file("%s/%s" % (disabledmodules, disabledname)) -def migrate_store(store): - oldstore = oldstore_path(store); - oldmodules = oldmodules_path(store); - disabledmodules = disabledmodules_path(store); - newstore = newstore_path(store); - newmodules = newmodules_path(store); - bottomdir = bottomdir_path(store); +def migrate_store(store): + oldstore = oldstore_path(store) + oldmodules = oldmodules_path(store) + disabledmodules = disabledmodules_path(store) + newstore = newstore_path(store) + newmodules = newmodules_path(store) + bottomdir = bottomdir_path(store) print("Migrating from %s to %s" % (oldstore, newstore)) @@ -134,6 +138,7 @@ def migrate_store(store): else: copy_module(store, name, 0) + def rebuild_policy(): # Ok, the modules are loaded, lets try to rebuild the policy print("Attempting to rebuild policy from %s" % newroot_path()) 
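Review bot: The narrowed handler in copy_module, `except (IOError, OSError):`, still discards the exception, so a failed module install during a policy-store migration reports only the module name and not the errno or path that failed; binding it with `except (IOError, OSError) as the_err:` and printing `"Error installing module %s: %s" % (name, the_err)` would make the failure diagnosable. The try block starts outside this hunk; as shown in the 3/3 patch further down this page, it creates lang_ext with `open("%s/%s/lang_ext" % (bottomdir, file), "w+", 0o600)`, and the third positional argument of the builtin open() is the buffering size, not a permission mode, so the file gets umask-derived permissions rather than 0600. If 0600 is intended, `os.fdopen(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "w")` (with `path` standing for the lang_ext path) applies the mode at creation time; the 0o700 directories created in migrate_store presumably limit the exposure today, but the call as written does not do what it appears to.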
@@ -182,24 +187,31 @@ def rebuild_policy(): def oldroot_path(): return "%s/etc/selinux" % ROOT + def oldstore_path(store): return "%s/%s/modules/active" % (oldroot_path(), store) + def oldmodules_path(store): return "%s/modules" % oldstore_path(store) + def disabledmodules_path(store): return "%s/disabled" % newmodules_path(store) + def newroot_path(): return "%s%s" % (ROOT, PATH) + def newstore_path(store): return "%s/%s/active" % (newroot_path(), store) + def newmodules_path(store): return "%s/modules" % newstore_path(store) + def bottomdir_path(store): return "%s/%s" % (newmodules_path(store), PRIORITY) @@ -257,7 +269,6 @@ if __name__ == "__main__": "pkeys.local", "ibendports.local"] - create_dir(newroot_path(), 0o755) stores = None 
@@ -286,4 +297,3 @@ if __name__ == "__main__": if NOREBUILD is False: rebuild_policy() - From patchwork Wed Dec 19 22:13:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 10738241 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4D628161F for ; Wed, 19 Dec 2018 22:14:12 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3E8A5284E4 for ; Wed, 19 Dec 2018 22:14:12 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3319C284EE; Wed, 19 Dec 2018 22:14:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E4A46284E4 for ; Wed, 19 Dec 2018 22:14:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728595AbeLSWOL (ORCPT ); Wed, 19 Dec 2018 17:14:11 -0500 Received: from mx3.polytechnique.org ([91.121.62.107]:38868 "EHLO mx3.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725294AbeLSWOL (ORCPT ); Wed, 19 Dec 2018 17:14:11 -0500 Received: from localhost.localdomain (89-156-252-9.rev.numericable.fr [89.156.252.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 96DBC1E4D24 for ; Wed, 19 Dec 2018 23:14:09 +0100 (CET) 
From: Nicolas Iooss To: selinux@vger.kernel.org Subject: [PATCH 2/3] semanage_migrate_store: remove unused loading of libsepol.so Date: Wed, 19 Dec 2018 23:13:19 +0100 Message-Id: <20181219221320.8594-2-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181219221320.8594-1-nicolas.iooss@m4x.org> References: <20181219221320.8594-1-nicolas.iooss@m4x.org> MIME-Version: 1.0 X-AV-Checked: ClamAV using ClamSMTP at mx3.polytechnique.org (Wed Dec 19 23:14:09 2018 +0100 (CET)) X-Org-Mail: nicolas.iooss.2010@polytechnique.org Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP semanage_migrate_store loads libsepol.so using ctypes but never uses it. Signed-off-by: Nicolas Iooss --- libsemanage/utils/semanage_migrate_store | 3 --- 1 file changed, 3 deletions(-) diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store index 7b5bee819e24..360f143e9fca 100755 --- a/libsemanage/utils/semanage_migrate_store +++ b/libsemanage/utils/semanage_migrate_store 
@@ -8,9 +8,6 @@ import shutil import sys from optparse import OptionParser -import ctypes - -sepol = ctypes.cdll.LoadLibrary('libsepol.so.1') try: import selinux From patchwork Wed Dec 19 22:13:20 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 10738243 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7517214E2 for ; Wed, 19 Dec 2018 22:14:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6498E284E4 for ; Wed, 19 Dec 2018 22:14:14 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 58BED284EE; Wed, 19 Dec 2018 22:14:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 459F1284E4 for ; Wed, 19 Dec 2018 22:14:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728608AbeLSWON (ORCPT ); Wed, 19 Dec 2018 17:14:13 -0500 Received: from mx3.polytechnique.org ([91.121.62.107]:46771 "EHLO mx3.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728344AbeLSWOM (ORCPT ); Wed, 19 Dec 2018 17:14:12 -0500 Received: from localhost.localdomain (89-156-252-9.rev.numericable.fr [89.156.252.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 569851E4D24 for ; Wed, 19 Dec 2018 23:14:10 +0100 (CET) 
From: Nicolas Iooss To: selinux@vger.kernel.org Subject: [PATCH 3/3] semanage_migrate_store: switch to space indentation Date: Wed, 19 Dec 2018 23:13:20 +0100 Message-Id: <20181219221320.8594-3-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181219221320.8594-1-nicolas.iooss@m4x.org> References: <20181219221320.8594-1-nicolas.iooss@m4x.org> MIME-Version: 1.0 X-AV-Checked: ClamAV using ClamSMTP at mx3.polytechnique.org (Wed Dec 19 23:14:10 2018 +0100 (CET)) X-Org-Mail: nicolas.iooss.2010@polytechnique.org Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The script used both tabs and space to indent the code, using a tab length of 8 (in calls to parser.add_option(...)). Make the code more readable by using spaces for indentation everywhere. Signed-off-by: Nicolas Iooss --- libsemanage/utils/semanage_migrate_store | 438 +++++++++++------------ 1 file changed, 219 insertions(+), 219 deletions(-) diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store index 360f143e9fca..018b1a3e62c2 100755 --- a/libsemanage/utils/semanage_migrate_store +++ b/libsemanage/utils/semanage_migrate_store 
@@ -10,287 +10,287 @@ from optparse import OptionParser try: - import selinux - import semanage + import selinux + import semanage except ImportError: - print("You must install libselinux-python and libsemanage-python before running this tool", file=sys.stderr) - exit(1) + print("You must install libselinux-python and libsemanage-python before running this tool", file=sys.stderr) + exit(1) def copy_file(src, dst): - if DEBUG: - print("copying %s to %s" % (src, dst)) - try: - shutil.copy(src, dst) - except OSError as the_err: - (err, strerr) = the_err.args - print("Could not copy %s to %s, %s" % (src, dst, strerr), file=sys.stderr) - exit(1) + if DEBUG: + print("copying %s to %s" % (src, dst)) + try: + shutil.copy(src, dst) + except OSError as the_err: + (err, strerr) = the_err.args + print("Could not copy %s to %s, %s" % (src, dst, strerr), file=sys.stderr) + exit(1) def create_dir(dst, mode): - if DEBUG: - print("Making directory %s" % dst) - try: - os.makedirs(dst, mode) - except OSError as the_err: - (err, stderr) = the_err.args - if err == errno.EEXIST: - pass - else: - print("Error creating %s" % dst, file=sys.stderr) - exit(1) + if DEBUG: + print("Making directory %s" % dst) + try: + os.makedirs(dst, mode) + except OSError as the_err: + (err, stderr) = the_err.args + if err == errno.EEXIST: + pass + else: + print("Error creating %s" % dst, file=sys.stderr) + exit(1) def create_file(dst): - if DEBUG: - print("Making file %s" % dst) - try: - open(dst, 'a').close() - except OSError as the_err: - (err, stderr) = the_err.args - print("Error creating %s" % dst, file=sys.stderr) - exit(1) + if DEBUG: + print("Making file %s" % dst) + try: + open(dst, 'a').close() + except OSError as the_err: + (err, stderr) = the_err.args + print("Error creating %s" % dst, file=sys.stderr) + exit(1) def copy_module(store, name, base): - if DEBUG: - print("Install module %s" % name) - (file, ext) = os.path.splitext(name) - if ext != ".pp": - # Stray non-pp file in modules directory, 
skip - print("warning: %s has invalid extension, skipping" % name, file=sys.stderr) - return - try: - if base: - root = oldstore_path(store) - else: - root = oldmodules_path(store) + if DEBUG: + print("Install module %s" % name) + (file, ext) = os.path.splitext(name) + if ext != ".pp": + # Stray non-pp file in modules directory, skip + print("warning: %s has invalid extension, skipping" % name, file=sys.stderr) + return + try: + if base: + root = oldstore_path(store) + else: + root = oldmodules_path(store) - bottomdir = bottomdir_path(store) + bottomdir = bottomdir_path(store) - os.mkdir("%s/%s" % (bottomdir, file)) + os.mkdir("%s/%s" % (bottomdir, file)) - copy_file(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file)) + copy_file(os.path.join(root, name), "%s/%s/hll" % (bottomdir, file)) - # This is the ext file that will eventually be used to choose a compiler - efile = open("%s/%s/lang_ext" % (bottomdir, file), "w+", 0o600) - efile.write("pp") - efile.close() + # This is the ext file that will eventually be used to choose a compiler + efile = open("%s/%s/lang_ext" % (bottomdir, file), "w+", 0o600) + efile.write("pp") + efile.close() - except (IOError, OSError): - print("Error installing module %s" % name, file=sys.stderr) - exit(1) + except (IOError, OSError): + print("Error installing module %s" % name, file=sys.stderr) + exit(1) def disable_module(file, name, disabledmodules): - if DEBUG: - print("Disabling %s" % name) - (disabledname, disabledext) = os.path.splitext(file) - create_file("%s/%s" % (disabledmodules, disabledname)) + if DEBUG: + print("Disabling %s" % name) + (disabledname, disabledext) = os.path.splitext(file) + create_file("%s/%s" % (disabledmodules, disabledname)) def migrate_store(store): - oldstore = oldstore_path(store) - oldmodules = oldmodules_path(store) - disabledmodules = disabledmodules_path(store) - newstore = newstore_path(store) - newmodules = newmodules_path(store) - bottomdir = bottomdir_path(store) - - print("Migrating 
from %s to %s" % (oldstore, newstore)) - - # Build up new directory structure - create_dir("%s/%s" % (newroot_path(), store), 0o755) - create_dir(newstore, 0o700) - create_dir(newmodules, 0o700) - create_dir(bottomdir, 0o700) - create_dir(disabledmodules, 0o700) - - # Special case for base since it was in a different location - copy_module(store, "base.pp", 1) - - # Dir structure built, start copying files - for root, dirs, files in os.walk(oldstore): - if root == oldstore: - # This is the top level directory, need to move - for name in files: - # Check to see if it is in TOPPATHS and copy if so - if name in TOPPATHS: - if name == "seusers": - newname = "seusers.local" - else: - newname = name - copy_file(os.path.join(root, name), os.path.join(newstore, newname)) - - elif root == oldmodules: - # This should be the modules directory - for name in files: - (file, ext) = os.path.splitext(name) - if name == "base.pp": - print("Error installing module %s, name conflicts with base" % name, file=sys.stderr) - exit(1) - elif ext == ".disabled": - disable_module(file, name, disabledmodules) - else: - copy_module(store, name, 0) + oldstore = oldstore_path(store) + oldmodules = oldmodules_path(store) + disabledmodules = disabledmodules_path(store) + newstore = newstore_path(store) + newmodules = newmodules_path(store) + bottomdir = bottomdir_path(store) + + print("Migrating from %s to %s" % (oldstore, newstore)) + + # Build up new directory structure + create_dir("%s/%s" % (newroot_path(), store), 0o755) + create_dir(newstore, 0o700) + create_dir(newmodules, 0o700) + create_dir(bottomdir, 0o700) + create_dir(disabledmodules, 0o700) + + # Special case for base since it was in a different location + copy_module(store, "base.pp", 1) + + # Dir structure built, start copying files + for root, dirs, files in os.walk(oldstore): + if root == oldstore: + # This is the top level directory, need to move + for name in files: + # Check to see if it is in TOPPATHS and copy if so + if name 
in TOPPATHS: + if name == "seusers": + newname = "seusers.local" + else: + newname = name + copy_file(os.path.join(root, name), os.path.join(newstore, newname)) + + elif root == oldmodules: + # This should be the modules directory + for name in files: + (file, ext) = os.path.splitext(name) + if name == "base.pp": + print("Error installing module %s, name conflicts with base" % name, file=sys.stderr) + exit(1) + elif ext == ".disabled": + disable_module(file, name, disabledmodules) + else: + copy_module(store, name, 0) def rebuild_policy(): - # Ok, the modules are loaded, lets try to rebuild the policy - print("Attempting to rebuild policy from %s" % newroot_path()) + # Ok, the modules are loaded, lets try to rebuild the policy + print("Attempting to rebuild policy from %s" % newroot_path()) - curstore = selinux.selinux_getpolicytype()[1] + curstore = selinux.selinux_getpolicytype()[1] - handle = semanage.semanage_handle_create() - if not handle: - print("Could not create semanage handle", file=sys.stderr) - exit(1) + handle = semanage.semanage_handle_create() + if not handle: + print("Could not create semanage handle", file=sys.stderr) + exit(1) - semanage.semanage_select_store(handle, curstore, semanage.SEMANAGE_CON_DIRECT) + semanage.semanage_select_store(handle, curstore, semanage.SEMANAGE_CON_DIRECT) - if not semanage.semanage_is_managed(handle): - semanage.semanage_handle_destroy(handle) - print("SELinux policy is not managed or store cannot be accessed.", file=sys.stderr) - exit(1) + if not semanage.semanage_is_managed(handle): + semanage.semanage_handle_destroy(handle) + print("SELinux policy is not managed or store cannot be accessed.", file=sys.stderr) + exit(1) - rc = semanage.semanage_access_check(handle) - if rc < semanage.SEMANAGE_CAN_WRITE: - semanage.semanage_handle_destroy(handle) - print("Cannot write to policy store.", file=sys.stderr) - exit(1) + rc = semanage.semanage_access_check(handle) + if rc < semanage.SEMANAGE_CAN_WRITE: + 
semanage.semanage_handle_destroy(handle) + print("Cannot write to policy store.", file=sys.stderr) + exit(1) - rc = semanage.semanage_connect(handle) - if rc < 0: - semanage.semanage_handle_destroy(handle) - print("Could not establish semanage connection", file=sys.stderr) - exit(1) + rc = semanage.semanage_connect(handle) + if rc < 0: + semanage.semanage_handle_destroy(handle) + print("Could not establish semanage connection", file=sys.stderr) + exit(1) - semanage.semanage_set_rebuild(handle, 1) + semanage.semanage_set_rebuild(handle, 1) - rc = semanage.semanage_begin_transaction(handle) - if rc < 0: - semanage.semanage_handle_destroy(handle) - print("Could not begin transaction", file=sys.stderr) - exit(1) + rc = semanage.semanage_begin_transaction(handle) + if rc < 0: + semanage.semanage_handle_destroy(handle) + print("Could not begin transaction", file=sys.stderr) + exit(1) - rc = semanage.semanage_commit(handle) - if rc < 0: - print("Could not commit transaction", file=sys.stderr) + rc = semanage.semanage_commit(handle) + if rc < 0: + print("Could not commit transaction", file=sys.stderr) - semanage.semanage_handle_destroy(handle) + semanage.semanage_handle_destroy(handle) def oldroot_path(): - return "%s/etc/selinux" % ROOT + return "%s/etc/selinux" % ROOT def oldstore_path(store): - return "%s/%s/modules/active" % (oldroot_path(), store) + return "%s/%s/modules/active" % (oldroot_path(), store) def oldmodules_path(store): - return "%s/modules" % oldstore_path(store) + return "%s/modules" % oldstore_path(store) def disabledmodules_path(store): - return "%s/disabled" % newmodules_path(store) + return "%s/disabled" % newmodules_path(store) def newroot_path(): - return "%s%s" % (ROOT, PATH) + return "%s%s" % (ROOT, PATH) def newstore_path(store): - return "%s/%s/active" % (newroot_path(), store) + return "%s/%s/active" % (newroot_path(), store) def newmodules_path(store): - return "%s/modules" % newstore_path(store) + return "%s/modules" % newstore_path(store) 
def bottomdir_path(store): - return "%s/%s" % (newmodules_path(store), PRIORITY) + return "%s/%s" % (newmodules_path(store), PRIORITY) if __name__ == "__main__": - parser = OptionParser() - parser.add_option("-p", "--priority", dest="priority", default="100", - help="Set priority of modules in new store (default: 100)") - parser.add_option("-s", "--store", dest="store", default=None, - help="Store to read from and write to") - parser.add_option("-d", "--debug", dest="debug", action="store_true", default=False, - help="Output debug information") - parser.add_option("-c", "--clean", dest="clean", action="store_true", default=False, - help="Clean old modules directory after migrate (default: no)") - parser.add_option("-n", "--norebuild", dest="norebuild", action="store_true", default=False, - help="Disable rebuilding policy after migration (default: no)") - parser.add_option("-P", "--path", dest="path", - help="Set path for the policy store (default: /var/lib/selinux)") - parser.add_option("-r", "--root", dest="root", - help="Set an alternative root for the migration (default: /)") - - (options, args) = parser.parse_args() - - DEBUG = options.debug - PRIORITY = options.priority - TYPE = options.store - CLEAN = options.clean - NOREBUILD = options.norebuild - PATH = options.path - if PATH is None: - PATH = "/var/lib/selinux" - - ROOT = options.root - if ROOT is None: - ROOT = "" - - # List of paths that go in the active 'root' - TOPPATHS = [ - "commit_num", - "ports.local", - "interfaces.local", - "nodes.local", - "booleans.local", - "file_contexts.local", - "seusers", - "users.local", - "users_extra", - "users_extra.local", - "disable_dontaudit", - "preserve_tunables", - "policy.kern", - "file_contexts", - "homedir_template", - "pkeys.local", - "ibendports.local"] - - create_dir(newroot_path(), 0o755) - - stores = None - if TYPE is not None: - stores = [TYPE] - else: - stores = os.listdir(oldroot_path()) - - # find stores in oldroot and migrate them to newroot if 
necessary - for store in stores: - if not os.path.isdir(oldmodules_path(store)): - # already migrated or not an selinux store - continue - - if os.path.isdir(newstore_path(store)): - # store has already been migrated, but old modules dir still exits - print("warning: Policy type %s has already been migrated, but modules still exist in the old store. Skipping store." % store, file=sys.stderr) - continue - - migrate_store(store) - - if CLEAN is True: - def remove_error(function, path, execinfo): - print("warning: Unable to remove old store modules directory %s. Cleaning failed." % oldmodules_path(store), file=sys.stderr) - shutil.rmtree(oldmodules_path(store), onerror=remove_error) - - if NOREBUILD is False: - rebuild_policy() + parser = OptionParser() + parser.add_option("-p", "--priority", dest="priority", default="100", + help="Set priority of modules in new store (default: 100)") + parser.add_option("-s", "--store", dest="store", default=None, + help="Store to read from and write to") + parser.add_option("-d", "--debug", dest="debug", action="store_true", default=False, + help="Output debug information") + parser.add_option("-c", "--clean", dest="clean", action="store_true", default=False, + help="Clean old modules directory after migrate (default: no)") + parser.add_option("-n", "--norebuild", dest="norebuild", action="store_true", default=False, + help="Disable rebuilding policy after migration (default: no)") + parser.add_option("-P", "--path", dest="path", + help="Set path for the policy store (default: /var/lib/selinux)") + parser.add_option("-r", "--root", dest="root", + help="Set an alternative root for the migration (default: /)") + + (options, args) = parser.parse_args() + + DEBUG = options.debug + PRIORITY = options.priority + TYPE = options.store + CLEAN = options.clean + NOREBUILD = options.norebuild + PATH = options.path + if PATH is None: + PATH = "/var/lib/selinux" + + ROOT = options.root + if ROOT is None: + ROOT = "" + + # List of paths that go 
in the active 'root' + TOPPATHS = [ + "commit_num", + "ports.local", + "interfaces.local", + "nodes.local", + "booleans.local", + "file_contexts.local", + "seusers", + "users.local", + "users_extra", + "users_extra.local", + "disable_dontaudit", + "preserve_tunables", + "policy.kern", + "file_contexts", + "homedir_template", + "pkeys.local", + "ibendports.local"] + + create_dir(newroot_path(), 0o755) + + stores = None + if TYPE is not None: + stores = [TYPE] + else: + stores = os.listdir(oldroot_path()) + + # find stores in oldroot and migrate them to newroot if necessary + for store in stores: + if not os.path.isdir(oldmodules_path(store)): + # already migrated or not an selinux store + continue + + if os.path.isdir(newstore_path(store)): + # store has already been migrated, but old modules dir still exits + print("warning: Policy type %s has already been migrated, but modules still exist in the old store. Skipping store." % store, file=sys.stderr) + continue + + migrate_store(store) + + if CLEAN is True: + def remove_error(function, path, execinfo): + print("warning: Unable to remove old store modules directory %s. Cleaning failed." % oldmodules_path(store), file=sys.stderr) + shutil.rmtree(oldmodules_path(store), onerror=remove_error) + + if NOREBUILD is False: + rebuild_policy()