From: Caleb Case <ccase@tresys.com>
To: selinux@tycho.nsa.gov
Cc: csellers@tresys.com, kmacmillan@tresys.com,
jwcart2@tycho.nsa.gov, jbrindle@tresys.com, sds@tycho.nsa.gov,
Caleb Case <ccase@tresys.com>
Subject: [PATCH 02/13] semanage: move permissive module creation to /tmp
Date: Wed, 23 Dec 2009 18:25:49 -0500 [thread overview]
Message-ID: <1261610760-4724-3-git-send-email-ccase@tresys.com> (raw)
In-Reply-To: <1261610760-4724-2-git-send-email-ccase@tresys.com>
semanage currently uses /var/lib/selinux/tmp to create permissive
modules. However, with the move to /var, the same tmp directory is used
for building policy binaries, causing a conflict. This patch creates a
random temporary directory in /tmp and moves permissive module creation
to that directory, avoiding the directory conflict.
This patch also imports shutil for rmtree to easily delete all created
temporary files.
---
policycoreutils/semanage/seobject.py | 15 +++++----------
1 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index b7d257b..0aa7759 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -21,7 +21,7 @@
#
#
-import pwd, grp, string, selinux, tempfile, os, re, sys, stat
+import pwd, grp, string, selinux, tempfile, os, re, sys, stat, shutil
from semanage import *;
PROGNAME = "policycoreutils"
import sepolgen.module as module
@@ -271,7 +271,8 @@ class permissiveRecords(semanageRecords):
def add(self, type):
import glob
name = "permissive_%s" % type
- dirname = "/var/lib/selinux"
+ dirname = tempfile.mkdtemp("-semanage")
+ savedir = os.getcwd()
os.chdir(dirname)
filename = "%s.te" % name
modtxt = """
@@ -296,14 +297,8 @@ permissive %s;
if rc >= 0:
self.commit()
- for root, dirs, files in os.walk("tmp", topdown = False):
- for name in files:
- os.remove(os.path.join(root, name))
- for name in dirs:
- os.rmdir(os.path.join(root, name))
- os.removedirs("tmp")
- for i in glob.glob("permissive_%s.*" % type):
- os.remove(i)
+ os.chdir(savedir)
+ shutil.rmtree(dirname)
if rc < 0:
raise ValueError(_("Could not set permissive domain %s (module installation failed)") % name)
--
1.6.0.4
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2009-12-23 23:25 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-23 23:25 [PATCH 00/13] RFC libsemanage move to var, enable/disable module, and priority support Caleb Case
2009-12-23 23:25 ` [PATCH 01/13] libsemanage: fix typo in tests makefile -o -> -O Caleb Case
2009-12-23 23:25 ` Caleb Case [this message]
2009-12-23 23:25 ` [PATCH 03/13] libsemanage: move the module store to /var/lib/selinux Caleb Case
2009-12-23 23:25 ` [PATCH 04/13] libsemanage: split final files into /var/lib/selinux/tmp Caleb Case
2009-12-23 23:25 ` [PATCH 05/13] libsemanage: update unit tests for move to /var/lib/selinux Caleb Case
2009-12-23 23:25 ` [PATCH 06/13] libsemanage: add default priority to semanage_handle_t Caleb Case
2009-12-23 23:25 ` [PATCH 07/13] libsemanage: augment semanage_module_info_t and provide semanage_module_key_t Caleb Case
2009-12-23 23:25 ` [PATCH 08/13] libsemanage: get/set module info and enabled status Caleb Case
2009-12-23 23:25 ` [PATCH 09/13] libsemanage: provide function to get new base module path Caleb Case
2009-12-23 23:25 ` [PATCH 10/13] libsemanage: installing/upgrading/removing modules via info and key Caleb Case
2009-12-23 23:25 ` [PATCH 11/13] libsemanage: new private api for unstable functions Caleb Case
2009-12-23 23:25 ` [PATCH 12/13] semodule: add priority, enabled, and extended listing Caleb Case
2009-12-23 23:26 ` [PATCH 13/13] semanage store migration script Caleb Case
2010-01-08 15:34 ` Stephen Smalley
2010-01-08 20:59 ` James Carter
2010-01-08 21:05 ` Stephen Smalley
2010-01-08 21:27 ` Caleb Case
2010-01-11 19:53 ` James Carter
2010-01-11 19:57 ` Joshua Brindle
2010-01-11 20:45 ` James Carter
2010-01-08 14:30 ` [PATCH 04/13] libsemanage: split final files into /var/lib/selinux/tmp Stephen Smalley
2010-01-08 15:07 ` James Carter
2010-01-08 15:28 ` Stephen Smalley
2010-01-08 18:25 ` Caleb Case
2010-01-08 20:19 ` Joshua Brindle
2010-01-08 20:25 ` Stephen Smalley
2010-01-08 20:30 ` Joshua Brindle
2010-01-08 20:51 ` Joshua Brindle
2010-01-08 20:58 ` Stephen Smalley
2010-01-08 21:02 ` Joshua Brindle
2010-01-08 21:04 ` Stephen Smalley
2010-01-08 21:12 ` James Carter
2010-01-08 14:28 ` [PATCH 03/13] libsemanage: move the module store to /var/lib/selinux Stephen Smalley
2010-01-08 14:50 ` James Carter
2010-01-08 15:19 ` Stephen Smalley
2010-01-07 22:28 ` [PATCH 00/13] RFC libsemanage move to var, enable/disable module, and priority support Chad Sellers
2010-01-08 14:30 ` James Carter
2010-01-21 21:06 ` Chad Sellers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1261610760-4724-3-git-send-email-ccase@tresys.com \
--to=ccase@tresys.com \
--cc=csellers@tresys.com \
--cc=jbrindle@tresys.com \
--cc=jwcart2@tycho.nsa.gov \
--cc=kmacmillan@tresys.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.