#
# selinuxPage.py - GUI for SELinux page in system-config-securitylevel
#
# Brent Fox <bfox@redhat.com>
# Dan Walsh <dwalsh@redhat.com>
#
# Copyright 2004 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
import gtk
import gtk.glade
import os
import gobject
import sys

# Make the tool's own modules and the rhpl package importable. Every path is
# appended, so it is searched only after the directories already on sys.path.
# NOTE(review): this tool writes /etc/selinux/config and /.autorelabel, so it
# presumably runs as root; every directory on sys.path, including the ones
# added here, must then be writable by root only.
INSTALLPATH='/usr/share/system-config-securitylevel'
sys.path.append(INSTALLPATH)
rhplPath="/usr/lib/python%d.%d/site-packages/rhpl" % (sys.version_info[0], sys.version_info[1])
if not rhplPath in sys.path:
    sys.path.append(rhplPath)

# Same again for the lib64 site-packages layout.
rhplPath="/usr/lib64/python%d.%d/site-packages/rhpl" % (sys.version_info[0], sys.version_info[1])
if not rhplPath in sys.path:
    sys.path.append(rhplPath)

# Wildcard import: ConfShellVar, used by read_selinux_config(), presumably
# comes from here.
from Conf import *
# Python 2 only module; it passes its argument string to a shell.
import commands
# The three modes double as indexes of the combo-box entries, which
# selinuxPage.__init__ appends in this same order.
ENFORCING=0
PERMISSIVE=1
DISABLED=2
# read_selinux_config() opens SELINUXDIR + "config".
SELINUXDIR="/etc/selinux/"
# Flag file created by setup_relabel() and removed again by apply().
RELABELFILE="/.autorelabel"

##
## I18N
##
from rhpl.translate import _, N_
import rhpl.translate as translate
domain = "system-config-securitylevel"
translate.textdomain (domain)
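def waitCmd(msg, cmd):
    """Run *cmd* while a modal "please wait" dialog showing *msg* is on screen.

    msg -- text displayed in the dialog.
    cmd -- command line, executed through a shell by
           commands.getstatusoutput().

    Returns the (status, output) tuple from commands.getstatusoutput().

    SECURITY: *cmd* is interpreted by a shell. Callers must pass a fixed
    command string only, never text assembled from configuration values or
    user input. No caller is visible in this file.
    """
    dialog = gtk.MessageDialog(None,
                               gtk.DIALOG_DESTROY_WITH_PARENT | gtk.DIALOG_MODAL,
                               gtk.MESSAGE_INFO, gtk.BUTTONS_NONE,
                               msg)
    # The dialog is modal and has no buttons, so the user cannot dismiss it.
    # Destroy it in a finally block so that an exception from GTK or from the
    # command call cannot leave it stuck on screen.
    try:
        dialog.set_position(gtk.WIN_POS_CENTER)
        dialog.show_all()
        dialog.get_toplevel().window.set_cursor(gtk.gdk.Cursor(gtk.gdk.WATCH))

        # Flush pending GTK events so the dialog is actually drawn before the
        # blocking call below freezes the main loop.
        while gtk.events_pending():
            gtk.main_iteration()

        (status, output) = commands.getstatusoutput(cmd)
    finally:
        dialog.destroy()
    return (status, output)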
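class selinuxPage:
    """SELinux page of the system-config-securitylevel GUI.

    Shows the SELINUX= mode read from SELINUXDIR + "config" in a three-entry
    combo box and, on apply(), writes the chosen mode back, calls setenforce
    and creates or removes the RELABELFILE flag file.

    NOTE(review): the block nesting in this class was reconstructed from a
    listing that had lost its indentation; confirm the placement of each
    statement against the packaged file.
    """

    def __init__(self, xml, doDebug=None, inFirstboot=False):
        """Wire up the page's widgets and load the current SELinux mode.

        xml         -- glade widget tree providing "seLinuxVBox" and
                       "enabledOptionMenu".
        doDebug     -- when true, apply() leaves the config file and the
                       relabel flag file untouched.
        inFirstboot -- when true, enabled_changed() skips the relabel
                       confirmation dialog.
        """
        self.xml = xml
        self.selinuxsupport = True
        self.needRelabel = False
        self.doDebug = doDebug
        self.inFirstboot = inFirstboot

        # Bring in widgets from glade file.
        self.seLinuxVBox = xml.get_widget("seLinuxVBox")
        self.enabledOptionMenu = xml.get_widget("enabledOptionMenu")

        # Entries are appended in the order ENFORCING, PERMISSIVE, DISABLED,
        # so the combo index equals the mode constant.
        listStore = gtk.ListStore(gobject.TYPE_STRING)
        self.enabledOptionMenu.set_model(listStore)
        cell = gtk.CellRendererText()
        self.enabledOptionMenu.pack_start(cell, True)
        self.enabledOptionMenu.add_attribute(cell, 'text', 0)
        self.enabledOptionMenu.append_text(_("Enforcing"))
        self.enabledOptionMenu.append_text(_("Permissive"))
        self.enabledOptionMenu.append_text(_("Disabled"))

        if self.read_selinux_config() is None:
            # SELINUXDIR is missing: grey the page out and make apply() a no-op.
            self.seLinuxVBox.set_sensitive(False)
            self.selinuxsupport = False
        else:
            self.enabledOptionMenu.connect("changed", self.enabled_changed)

        # This line should always go last: it discards any dirty state that
        # enabled_changed() set while the config was being loaded.
        self.dirty = False

    def setup_relabel(self):
        """Create (or truncate) the empty RELABELFILE flag file."""
        fd = open(RELABELFILE, "w")
        fd.close()

    def set_current_mode(self, value):
        """Run setenforce with the integer *value* and return its output.

        The binary is named by absolute path and "%d" accepts numbers only,
        so no caller-supplied text reaches the shell that runs the command.
        """
        return commands.getoutput("/usr/sbin/setenforce %d" % value)

    def verify(self, message):
        """Ask a yes/no question in a dialog and return the GTK response id."""
        dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
                                gtk.BUTTONS_YES_NO,
                                message)
        dlg.set_position(gtk.WIN_POS_MOUSE)
        dlg.show_all()
        rc = dlg.run()
        dlg.destroy()
        return rc

    def enabled_changed(self, combo):
        """Update self.dirty and self.needRelabel after a combo change.

        Leaving an initially disabled state requires a relabel, which the
        user must confirm (the dialog is skipped in firstboot). If the user
        declines, the combo is put back on its initial entry so that apply()
        cannot write an enabled mode without the relabel flag file.
        Always returns None.
        """
        setting = combo.get_active()

        # If the combo has been changed back to its initial setting, we don't
        # need to do anything.
        if setting == self.initEnabled:
            self.dirty = False
            self.needRelabel = False
            return None

        self.dirty = True

        if self.initEnabled != DISABLED:
            self.needRelabel = False
            return None

        # If we were initially disabled, we must be set to enabling here.
        if not self.inFirstboot and self.verify(_("Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == gtk.RESPONSE_NO:
            # Declined: restore the initial selection. When the "changed"
            # handler is connected this re-enters enabled_changed() and clears
            # the state; the explicit resets cover the unconnected case.
            combo.set_active(self.initEnabled)
            self.dirty = False
            self.needRelabel = False
            return None

        self.needRelabel = True

    def read_selinux_config(self):
        """Load the SELINUX= value and select the matching combo entry.

        Returns None when SELINUXDIR does not exist, 0 otherwise. A config
        without a SELINUX key is treated as "ENFORCING".
        """
        self.initEnabled = DISABLED
        self.boolconf = {}
        self.types = []
        if not os.access(SELINUXDIR, os.F_OK):
            # File doesn't exist.  return
            return None

        self.conf = ConfShellVar(SELINUXDIR + "config")
        self.conf.rcs = 1
        if self.conf.has_key("SELINUX"):
            value = self.conf.vars["SELINUX"].upper().strip()
        else:
            value = "ENFORCING"
            self.conf.vars["SELINUX"] = value

        # NOTE(review): any other value leaves initEnabled at DISABLED and the
        # combo without a selection made here; the enabled_changed() call
        # below then presumably sees a change away from "disabled". Confirm
        # whether that is intended.
        modes = {
            "ENFORCING": ENFORCING,
            "PERMISSIVE": PERMISSIVE,
            "DISABLED": DISABLED,
        }
        if value in modes:
            self.initEnabled = modes[value]
            self.enabledOptionMenu.set_active(modes[value])

        self.enabled_changed(self.enabledOptionMenu)

        return 0

    def apply(self):
        """Write the selected mode and apply it to the running system.

        Returns 1 when the mode is set to disabled or a relabel has been
        flagged (presumably the caller's "reboot needed" signal), else 0.
        Does nothing when SELinux support was not found or nothing changed.
        """
        retval = 0

        if not self.selinuxsupport:
            return retval

        if self.dirty:
            enabled = self.enabledOptionMenu.get_active()
            newMode = 0

            if enabled == ENFORCING:
                self.conf["SELINUX"] = "enforcing"
                newMode = 1
            elif enabled == PERMISSIVE:
                self.conf["SELINUX"] = "permissive"
                newMode = 0
            elif enabled == DISABLED:
                # The only way to make sure SELinux is disabled is to reboot.
                # We should also setenforce 0 right now too.
                self.conf["SELINUX"] = "disabled"
                newMode = 0
                retval = 1

            if not self.doDebug:
                self.conf.write()
                # The output of setenforce is discarded, so a failure to
                # switch the running mode is not reported to the caller.
                self.set_current_mode(newMode)
            if self.needRelabel:
                if not self.doDebug:
                    self.setup_relabel()
                retval = 1
            else:
                # No relabel wanted: drop a flag file left by an earlier run.
                if os.access(RELABELFILE, os.F_OK) != 0 and not self.doDebug:
                    os.unlink(RELABELFILE)

        return retval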