Viewing file:  selinuxPage.py (6.68 KB) -rwxr-xr-x
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
#
# selinuxPage.py - GUI for SELinux page in system-config-securitylevel
#
# Brent Fox <bfox@redhat.com>
# Dan Walsh <dwalsh@redhat.com>
#
# Copyright 2004 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
import gtk
import gtk.glade
import os
import gobject
import sys
INSTALLPATH='/usr/share/system-config-securitylevel'
sys.path.append(INSTALLPATH)
rhplPath="/usr/lib/python%d.%d/site-packages/rhpl" % (sys.version_info[0], sys.version_info[1])
if not rhplPath in sys.path:
sys.path.append(rhplPath)
rhplPath="/usr/lib64/python%d.%d/site-packages/rhpl" % (sys.version_info[0], sys.version_info[1])
if not rhplPath in sys.path:
sys.path.append(rhplPath)
from Conf import *
import commands
ENFORCING=0
PERMISSIVE=1
DISABLED=2
SELINUXDIR="/etc/selinux/"
RELABELFILE="/.autorelabel"
##
## I18N
##
from rhpl.translate import _, N_
import rhpl.translate as translate
domain = "system-config-securitylevel"
translate.textdomain (domain)
def waitCmd (msg, cmd):
dialog = gtk.MessageDialog (None,
gtk.DIALOG_DESTROY_WITH_PARENT | gtk.DIALOG_MODAL,
gtk.MESSAGE_INFO,
gtk.BUTTONS_NONE,
msg)
dialog.set_position(gtk.WIN_POS_CENTER)
dialog.show_all()
dialog.get_toplevel().window.set_cursor(gtk.gdk.Cursor(gtk.gdk.WATCH))
while gtk.events_pending():
gtk.main_iteration()
(status, output) = commands.getstatusoutput(cmd)
dialog.destroy()
return (status, output)
class selinuxPage:
def __init__(self, xml, doDebug=None, inFirstboot=False):
self.xml = xml
self.selinuxsupport = True
self.needRelabel = False
self.doDebug = doDebug
self.inFirstboot = inFirstboot
# Bring in widgets from glade file.
self.seLinuxVBox = xml.get_widget("seLinuxVBox")
self.enabledOptionMenu = xml.get_widget("enabledOptionMenu")
listStore = gtk.ListStore(gobject.TYPE_STRING)
self.enabledOptionMenu.set_model(listStore)
cell = gtk.CellRendererText()
self.enabledOptionMenu.pack_start(cell, True)
self.enabledOptionMenu.add_attribute(cell, 'text', 0)
self.enabledOptionMenu.append_text(_("Enforcing"))
self.enabledOptionMenu.append_text(_("Permissive"))
self.enabledOptionMenu.append_text(_("Disabled"))
if self.read_selinux_config() == None:
self.seLinuxVBox.set_sensitive(False)
self.selinuxsupport = False
else:
self.enabledOptionMenu.connect("changed", self.enabled_changed)
# This line should always go last
self.dirty = False
def setup_relabel(self):
fd=open(RELABELFILE,"w")
fd.close()
def set_current_mode(self,value):
return commands.getoutput("/usr/sbin/setenforce %d" % value)
def verify(self, message):
dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
gtk.BUTTONS_YES_NO,
message)
dlg.set_position(gtk.WIN_POS_MOUSE)
dlg.show_all()
rc = dlg.run()
dlg.destroy()
return rc
def enabled_changed(self, combo):
setting = combo.get_active()
if setting < 2:
enabled = True
else:
enabled = False
# If the combo has been changed back to its inital setting, we don't
# need to do anything.
if setting == self.initEnabled:
self.dirty = False
self.needRelabel = False
else:
self.dirty = True
# If we were initially disabled, we must be set to enabling here.
if self.initEnabled == DISABLED:
if not self.inFirstboot and self.verify(_("Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == gtk.RESPONSE_NO:
return None
self.needRelabel = True
else:
self.needRelabel = False
def read_selinux_config(self):
self.initEnabled = DISABLED
self.boolconf={}
self.types=[]
if os.access(SELINUXDIR, os.F_OK) == 0:
#File doesn't exist. return
return None
self.conf=ConfShellVar(SELINUXDIR+"config")
self.conf.rcs=1
if self.conf.has_key("SELINUX"):
value=self.conf.vars["SELINUX"].upper().strip()
else:
value="ENFORCING"
self.conf.vars["SELINUX"]=value
if value == "ENFORCING":
self.initEnabled = ENFORCING
self.enabledOptionMenu.set_active(ENFORCING)
elif value == "PERMISSIVE":
self.initEnabled = PERMISSIVE
self.enabledOptionMenu.set_active(PERMISSIVE)
elif value == "DISABLED":
self.initEnabled = DISABLED
self.enabledOptionMenu.set_active(DISABLED)
self.enabled_changed(self.enabledOptionMenu)
return 0
def apply(self):
retval = 0
if not self.selinuxsupport:
return retval
if self.dirty:
enabled = self.enabledOptionMenu.get_active()
newMode = 0
if enabled == ENFORCING:
self.conf["SELINUX"] = "enforcing"
newMode = 1
elif enabled == PERMISSIVE:
self.conf["SELINUX"] = "permissive"
newMode = 0
elif enabled == DISABLED:
# The only way to make sure SELinux is disabled is to reboot.
# We should also setenforce 0 right now too.
self.conf["SELINUX"] = "disabled"
newMode = 0
retval = 1
if not self.doDebug:
self.conf.write()
self.set_current_mode(newMode)
if self.needRelabel:
if not self.doDebug:
self.setup_relabel()
retval = 1
else:
if os.access(RELABELFILE, os.F_OK) != 0 and not self.doDebug:
os.unlink(RELABELFILE)
return retval
|