|
Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
 |
SELinux Mailing ListAdd restorecon and install methods for libselinux python bindings.
From: Daniel J Walsh <dwalsh_at_redhat.com>
Date: Mon, 17 Nov 2008 10:30:36 -0500
Luke Macken wrote restorecon and install functions used in Fedora
Infrastructure which can be used to install files with the proper
context and to fix the labels of files/directories without having to
exec restorecon.
iEYEARECAAYFAkkhjhwACgkQrlYvE4MpobPyDgCfZ3vdiX/irkv3A9ka89LvUV1s
RjQAniK+8rHaotyzEVoCM/yIg8nvAk8x
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.75/src/selinux.py --- nsalibselinux/src/selinux.py 2008-08-28 09:34:24.000000000 -0400 +++ libselinux-2.0.75/src/selinux.py 2008-11-14 17:09:54.000000000 -0500 @@ -1,5 +1,5 @@ # This file was automatically generated by SWIG (http://www.swig.org). -# Version 1.3.33 +# Version 1.3.35 # # Don't modify this file, modify the SWIG interface instead. # This file is compatible with both classic and new-style classes. @@ -48,6 +48,29 @@ del types +import shutil, os + +def restorecon(path, recursive=False): + """ Restore SELinux context on a given path """ + mode = os.stat(path)[stat.ST_MODE] + status, context = matchpathcon(path, mode) + if status == 0: + lsetfilecon(path, context) + if recursive: + os.path.walk(path, lambda arg, dirname, fnames: + map(restorecon, [os.path.join(dirname, fname) + s for fname in fnames]), None) + +def copytree(src, dest): + """ An SELinux-friendly shutil.copytree method """ + shutil.copytree(src, dest) + restorecon(dest, recursive=True) + +def install(src, dest): + """ An SELinux-friendly shutil.move method """ + shutil.move(src, dest) + restorecon(dest, recursive=True) + is_selinux_enabled = _selinux.is_selinux_enabled is_selinux_mls_enabled = _selinux.is_selinux_mls_enabled getcon = _selinux.getcon diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_python.i libselinux-2.0.75/src/selinuxswig_python.i --- nsalibselinux/src/selinuxswig_python.i 2008-08-28 09:34:24.000000000 -0400 +++ libselinux-2.0.75/src/selinuxswig_python.i 2008-11-14 17:09:50.000000000 -0500 %}
+%pythoncode %{
+
+import shutil, os
+
+def restorecon(path, recursive=False):
+ """ Restore SELinux context on a given path """
+ mode = os.stat(path)[stat.ST_MODE]
+ status, context = matchpathcon(path, mode)
+ if status == 0:
+ lsetfilecon(path, context)
+ if recursive:
+ os.path.walk(path, lambda arg, dirname, fnames:
+ map(restorecon, [os.path.join(dirname, fname)
+ s for fname in fnames]), None)
+
+def copytree(src, dest):
+ """ An SELinux-friendly shutil.copytree method """
+ shutil.copytree(src, dest)
+ restorecon(dest, recursive=True)
+
+def install(src, dest):
+ """ An SELinux-friendly shutil.move method """
+ shutil.move(src, dest)
+ restorecon(dest, recursive=True)
+%}
+
/* security_get_boolean_names() typemap */ %typemap(argout) (char ***names, int *len) {
PyObject* list = PyList_New(*$2);
--- nsalibselinux/src/selinuxswig_wrap.c 2008-08-28 09:34:24.000000000 -0400 +++ libselinux-2.0.75/src/selinuxswig_wrap.c 2008-11-14 17:09:54.000000000 -0500 @@ -1,6 +1,6 @@ /* ---------------------------------------------------------------------------- * This file was automatically generated by SWIG (http://www.swig.org). - * Version 1.3.33 + * Version 1.3.35 *
/* This should only be incremented when either the layout of swig_type_info changes,
or for whatever reason, the runtime changes incompatibly */
-#define SWIG_RUNTIME_VERSION "3"
/* define SWIG_TYPE_TABLE_NAME as "SWIG_TYPE_TABLE" */
#ifdef SWIG_TYPE_TABLE
/* Flags for pointer conversions */ #define SWIG_POINTER_DISOWN 0x1 +#define SWIG_CAST_NEW_MEMORY 0x2 /* Flags for new pointer objects */ #define SWIG_POINTER_OWN 0x1 @@ -301,10 +302,10 @@ extern "C" { #endif -typedef void *(*swig_converter_func)(void *); +typedef void *(*swig_converter_func)(void *, int *); typedef struct swig_type_info *(*swig_dycast_func)(void **); -/* Structure to store inforomation on one type */ +/* Structure to store information on one type */ typedef struct swig_type_info { const char *name; /* mangled name of this type */ const char *str; /* human readable name of this type */ @@ -431,8 +432,8 @@
Cast a pointer up an inheritance hierarchy
*/
/*
Py_DECREF(old_str);
Py_DECREF(value);
} else { - PyErr_Format(PyExc_RuntimeError, mesg); + PyErr_SetString(PyExc_RuntimeError, mesg);
}
@@ -1416,7 +1417,7 @@
swig_type_info *ty = sobj->ty;
PySwigClientData *data = ty ? (PySwigClientData *) ty->clientdata : 0;
PyObject *destroy = data ? data->destroy : 0;
+ }
#if !defined(SWIG_PYTHON_SILENT_MEMLEAK) - printf("swig/python detected a memory leak of type '%s', no destructor found.\n", name); -#endif
+ else {
+ const char *name = SWIG_TypePrettyName(ty);
+ printf("swig/python detected a memory leak of type '%s', no destructor found.\n", (name ? name : "unknown"));
}
+#endif
}
SWIGRUNTIME int
PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
if (sobj) {
int oldown = sobj->own;
@@ -2506,7 +2524,7 @@ #define SWIG_name "_selinux" -#define SWIGVERSION 0x010333 +#define SWIGVERSION 0x010335 #define SWIG_VERSION SWIGVERSION
@@ -4273,7 +4291,7 @@ struct av_decision *result = 0 ; if (!PyArg_ParseTuple(args,(char *)":new_av_decision")) SWIG_fail; - result = (struct av_decision *)(struct av_decision *) calloc(1, sizeof(struct av_decision)); + result = (struct av_decision *)calloc(1, sizeof(struct av_decision));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_av_decision, SWIG_POINTER_NEW | 0 );
return resultobj;
SWIGINTERN PyObject *av_decision_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
SWIG_TypeNewClientData(SWIGTYPE_p_av_decision, SWIG_NewClientData(obj));
return SWIG_Py_Void();
struct selinux_opt *result = 0 ; if (!PyArg_ParseTuple(args,(char *)":new_selinux_opt")) SWIG_fail; - result = (struct selinux_opt *)(struct selinux_opt *) calloc(1, sizeof(struct selinux_opt)); + result = (struct selinux_opt *)calloc(1, sizeof(struct selinux_opt));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_selinux_opt, SWIG_POINTER_NEW | 0 );
return resultobj;
SWIGINTERN PyObject *selinux_opt_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
SWIG_TypeNewClientData(SWIGTYPE_p_selinux_opt, SWIG_NewClientData(obj));
return SWIG_Py_Void();
union selinux_callback *result = 0 ; if (!PyArg_ParseTuple(args,(char *)":new_selinux_callback")) SWIG_fail; - result = (union selinux_callback *)(union selinux_callback *) calloc(1, sizeof(union selinux_callback)); + result = (union selinux_callback *)calloc(1, sizeof(union selinux_callback));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_selinux_callback, SWIG_POINTER_NEW | 0 );
return resultobj;
SWIGINTERN PyObject *selinux_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *obj; - if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL; SWIG_TypeNewClientData(SWIGTYPE_p_selinux_callback, SWIG_NewClientData(obj));return SWIG_Py_Void(); } @@ -5586,7 +5604,7 @@ SELboolean *result = 0 ; if (!PyArg_ParseTuple(args,(char *)":new_SELboolean")) SWIG_fail; - result = (SELboolean *)(SELboolean *) calloc(1, sizeof(SELboolean)); + result = (SELboolean *)calloc(1, sizeof(SELboolean));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_SELboolean, SWIG_POINTER_NEW | 0 );
return resultobj;
SWIGINTERN PyObject *SELboolean_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *obj; - if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL; SWIG_TypeNewClientData(SWIGTYPE_p_SELboolean, SWIG_NewClientData(obj));return SWIG_Py_Void(); } @@ -6139,7 +6157,7 @@ struct security_class_mapping *result = 0 ; if (!PyArg_ParseTuple(args,(char *)":new_security_class_mapping")) SWIG_fail; - result = (struct security_class_mapping *)(struct security_class_mapping *) calloc(1, sizeof(struct security_class_mapping)); + result = (struct security_class_mapping *)calloc(1, sizeof(struct security_class_mapping));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_security_class_mapping, SWIG_POINTER_NEW | 0 );
return resultobj;
SWIGINTERN PyObject *security_class_mapping_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
SWIG_TypeNewClientData(SWIGTYPE_p_security_class_mapping, SWIG_NewClientData(obj));
return SWIG_Py_Void();
struct security_id *result = 0 ; if (!PyArg_ParseTuple(args,(char *)":new_security_id")) SWIG_fail; - result = (struct security_id *)(struct security_id *) calloc(1, sizeof(struct security_id)); + result = (struct security_id *)calloc(1, sizeof(struct security_id));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_security_id, SWIG_POINTER_NEW | 0 );
return resultobj;
SWIGINTERN PyObject *security_id_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
SWIG_TypeNewClientData(SWIGTYPE_p_security_id, SWIG_NewClientData(obj));
return SWIG_Py_Void();
struct avc_entry_ref *result = 0 ; if (!PyArg_ParseTuple(args,(char *)":new_avc_entry_ref")) SWIG_fail; - result = (struct avc_entry_ref *)(struct avc_entry_ref *) calloc(1, sizeof(struct avc_entry_ref)); + result = (struct avc_entry_ref *)calloc(1, sizeof(struct avc_entry_ref));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_entry_ref, SWIG_POINTER_NEW | 0 );
return resultobj;
SWIGINTERN PyObject *avc_entry_ref_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_entry_ref, SWIG_NewClientData(obj));
return SWIG_Py_Void();
struct avc_memory_callback *result = 0 ; if (!PyArg_ParseTuple(args,(char *)":new_avc_memory_callback")) SWIG_fail; - result = (struct avc_memory_callback *)(struct avc_memory_callback *) calloc(1, sizeof(struct avc_memory_callback)); + result = (struct avc_memory_callback *)calloc(1, sizeof(struct avc_memory_callback));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_memory_callback, SWIG_POINTER_NEW | 0 );
return resultobj;
SWIGINTERN PyObject *avc_memory_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_memory_callback, SWIG_NewClientData(obj));
return SWIG_Py_Void();
struct avc_log_callback *result = 0 ; if (!PyArg_ParseTuple(args,(char *)":new_avc_log_callback")) SWIG_fail; - result = (struct avc_log_callback *)(struct avc_log_callback *) calloc(1, sizeof(struct avc_log_callback)); + result = (struct avc_log_callback *)calloc(1, sizeof(struct avc_log_callback));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_log_callback, SWIG_POINTER_NEW | 0 );
return resultobj;
SWIGINTERN PyObject *avc_log_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *obj; - if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL; SWIG_TypeNewClientData(SWIGTYPE_p_avc_log_callback, SWIG_NewClientData(obj));return SWIG_Py_Void(); } @@ -8353,7 +8371,7 @@ struct avc_thread_callback *result = 0 ; if (!PyArg_ParseTuple(args,(char *)":new_avc_thread_callback")) SWIG_fail; - result = (struct avc_thread_callback *)(struct avc_thread_callback *) calloc(1, sizeof(struct avc_thread_callback)); + result = (struct avc_thread_callback *)calloc(1, sizeof(struct avc_thread_callback));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_thread_callback, SWIG_POINTER_NEW | 0 );
return resultobj;
SWIGINTERN PyObject *avc_thread_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_thread_callback, SWIG_NewClientData(obj));
return SWIG_Py_Void();
struct avc_lock_callback *result = 0 ; if (!PyArg_ParseTuple(args,(char *)":new_avc_lock_callback")) SWIG_fail; - result = (struct avc_lock_callback *)(struct avc_lock_callback *) calloc(1, sizeof(struct avc_lock_callback)); + result = (struct avc_lock_callback *)calloc(1, sizeof(struct avc_lock_callback));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_lock_callback, SWIG_POINTER_NEW | 0 );
return resultobj;
SWIGINTERN PyObject *avc_lock_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_lock_callback, SWIG_NewClientData(obj));
return SWIG_Py_Void();
struct avc_cache_stats *result = 0 ; if (!PyArg_ParseTuple(args,(char *)":new_avc_cache_stats")) SWIG_fail; - result = (struct avc_cache_stats *)(struct avc_cache_stats *) calloc(1, sizeof(struct avc_cache_stats)); + result = (struct avc_cache_stats *)calloc(1, sizeof(struct avc_cache_stats));
resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_cache_stats, SWIG_POINTER_NEW | 0 );
return resultobj;
SWIGINTERN PyObject *avc_cache_stats_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *obj;
SWIG_TypeNewClientData(SWIGTYPE_p_avc_cache_stats, SWIG_NewClientData(obj));
return SWIG_Py_Void();
clientdata = clientdata;
@@ -10523,6 +10541,9 @@
swig_module.type_initial = swig_type_initial;
swig_module.cast_initial = swig_cast_initial;
swig_module.next = &swig_module;
+ init = 1;
+ } else { + init = 0; }
/* Try and load any already created modules */
module_head->next = &swig_module;
+ /* When multiple interpeters are used, a module could have already been initialized in + a different interpreter, but not yet have a pointer in this interpreter. + In this case, we do not want to continue adding types... everything should be + set up already */ + if (init == 0) return; +
/* Now work on filling in swig_module.types */
#ifdef SWIGRUNTIME_DEBUG
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Mon 17 Nov 2008 - 10:30:51 EST |
|
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |
Top NSA Banner
2008 National Security Agency
Privacy
|
Terms of Use
|
NoFEAR Act
|
FOIA
|
DNI.gov
|
DOD.mil
|
USA.gov
|
Contact Us
|
Site Map
Privacy
|
Terms of Use
|
NoFEAR Act
|
FOIA
|
DNI.gov
|
DOD.mil
|
USA.gov
|
Contact Us
|
Site Map