author | 2021-01-31 21:50:23 +0100 | |
---|---|---|
committer | 2021-02-06 12:54:11 -0800 | |
commit | b4d183812aec480eae859f4c32d20829a8ff53bf (patch) | |
tree | 0351df746608123c2f6ee7117988a87df7d2e1bb /support | |
parent | genhomedircon: drop unused functions (diff) | |
genhomedircon: generate file contexts for %{USERNAME} and %{USERID}
Generate substituted file contexts for templated paths containing
%{USERNAME} or %{USERID}, like semodules' genhomedircon.
Example:
/run/user/%{USERID} -d gen_context(system_u:object_r:user_runtime_t,s0)
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'support')
-rw-r--r-- | support/genhomedircon.py | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/support/genhomedircon.py b/support/genhomedircon.py
index 13e9c9e8..0490f724 100644
--- a/support/genhomedircon.py
+++ b/support/genhomedircon.py
@@ -168,7 +168,6 @@ class selinuxConfig:
 if rc[0] == 0:
 users+=rc[1]
 udict = {}
- prefs = {}
 if users != "":
 ulist = users.split("\n")
 for u in ulist:
@@ -181,20 +180,31 @@ class selinuxConfig:
 if role == "{":
 role = user[4]
 role = role.split("_r")[0]
- home = pwd.getpwnam(user[1])[5]
+ pwdentry = pwd.getpwnam(user[1])
+ home = pwdentry[5]
 if home == "/":
 continue
 prefs = {}
 prefs["role"] = role
 prefs["home"] = home
+ prefs["name"] = pwdentry[0]
+ prefs["uid"] = pwdentry[2]
 udict[user[1]] = prefs
 except KeyError:
 sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user[1])
 return udict
- def getHomeDirContext(self, user, home, role):
- ret="\n\n#\n# Context for user %s\n#\n\n" % user
- rc=getstatusoutput("grep '^HOME_DIR' %s | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), home, role, user))
+ def getHomeDirContext(self, seuser, home, role, username, userid):
+ ret = "\n\n#\n# Context for user %s\n#\n\n" % seuser
+ rc = getstatusoutput("grep -E '^HOME_DIR|%%{USERID}|%%{USERNAME}' %s | sed" " -e 's|HOME_DIR|%s|'" " -e 's|ROLE|%s|'" " -e 's|system_u|%s|'" " -e 's|%%{USERID}|%s|'" " -e 's|%%{USERNAME}|%s|'" % (self.getHomeDirTemplate(), home, role, seuser, userid, username))
+ if rc[0] != 0:
+ errorExit("sed error (" + str(rc[0]) + "): " + rc[1])
 return ret + rc[1] + "\n"
 def genHomeDirContext(self):
@@ -202,7 +212,7 @@ class selinuxConfig:
 ret=""
 # Fill in HOME and ROLE for users that are defined
 for u in users.keys():
- ret += self.getHomeDirContext (u, users[u]["home"], users[u]["role"])
+ ret += self.getHomeDirContext (u, users[u]["home"], users[u]["role"], users[u]["name"], users[u]["uid"])
 return ret+"\n"
 def checkExists(self, home):
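Review bot: In the new `getHomeDirContext`, the `rc = getstatusoutput(...)` line interpolates `home`, `role`, `seuser`, `username` and `userid` into a single-quoted sed script with no escaping, so a passwd entry whose home directory or login name contains `|`, `&`, `\` or `'` corrupts the sed expression, the generated file contexts, or the shell quoting itself. The pattern predates this commit, but the function is rewritten here and `username` is a new unescaped input, so this is the place to address it. Since the template is only ever read as a plain file, the grep|sed pipeline can be replaced by reading `self.getHomeDirTemplate()` in Python and substituting with `str.replace`, which removes the shell from the path entirely and keeps the existing `errorExit` path for an unreadable template. Note that sed's `s` without the `g` flag replaces only the first match on each line; the rewrite below preserves that with a count of 1, and the line filter mirrors the `^HOME_DIR|%{USERID}|%{USERNAME}` grep pattern.
```python
def getHomeDirContext(self, seuser, home, role, username, userid):
    ret = "\n\n#\n# Context for user %s\n#\n\n" % seuser
    # Substitute in Python instead of a grep|sed pipeline: the values come
    # from the passwd file and are inserted literally, so no sed or shell
    # metacharacter in them can alter the command or the generated output.
    try:
        with open(self.getHomeDirTemplate()) as template:
            lines = [l.rstrip("\n") for l in template
                     if l.startswith("HOME_DIR")
                     or "%{USERID}" in l or "%{USERNAME}" in l]
    except IOError as e:
        errorExit("cannot read home directory template: " + str(e))
    out = []
    for line in lines:
        # sed 's|a|b|' without 'g' replaces only the first match per line
        for pattern, value in (("HOME_DIR", home), ("ROLE", role),
                               ("system_u", seuser),
                               ("%{USERID}", str(userid)),
                               ("%{USERNAME}", username)):
            line = line.replace(pattern, value, 1)
        out.append(line)
    return ret + "\n".join(out) + "\n"
```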
@@ -263,7 +273,7 @@ class selinuxConfig:
 def genoutput(self):
 ret= self.heading()
 for h in self.getHomeDirs():
- ret += self.getHomeDirContext ("user_u" , h+'/[^/]+', "user")
+ ret += self.getHomeDirContext ("user_u" , h+'/[^/]+', "user", "[^/]+", "[0-9]+")
 ret += self.getHomeRootContext(h)
 ret += self.genHomeDirContext()
 return ret |
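Review bot: The regex literals `h+'/[^/]+'`, `"[^/]+"` and `"[0-9]+"` on the `ret += self.getHomeDirContext(...)` line are passed positionally with nothing saying that they are wildcard patterns standing in for the home directory, login name and uid of the generic `user_u` entries, whereas the same parameters receive concrete per-user values in genHomeDirContext. A comment above the call would make the intent clear, e.g. `# Generic user_u entries: wildcard patterns for the home dir, %{USERNAME} and %{USERID}`. It is also worth stating there that these literals are placed into the generated file contexts verbatim, since they must stay valid regular expressions in that file.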