Research Menu

.
Skip Search Box

SELinux Mailing List

[PATCH] semanage: Use semanage_mls_enabled

From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Wed, 12 Nov 2008 09:43:26 -0500


Change semanage/seobject to use semanage_mls_enabled() rather than is_selinux_mls_enabled(). I dropped the mls enabled tests altogether from the semanage front-end script since setting up a handle is done by seobject.py; if those checks are actually important, we could move them inside of the seobject methods, but I'm not clear on the real benefit of those checks. In seobject.py, I moved the setting of the is_mls_enabled variable inside of get_handle(store) after the connect. I also dropped the is_mls_enabled test from setransRecords since no handle/connection exists there (since translations are not managed via libsemanage), and again I'm not clear that the check there was overly important/useful.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage index c34e594..eb0ac34 100644
--- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage
@@ -38,8 +38,6 @@ except IOError:

        import __builtin__
        __builtin__.__dict__['_'] = unicode

-is_mls_enabled=selinux.is_selinux_mls_enabled() -
 if __name__ == '__main__':  

         def usage(message = ""):
@@ -270,16 +268,12 @@ Object-specific Options (see above):

                                 store = a   

 			if o == "-r" or o == '--range':
-				if is_mls_enabled == 0:
-                                       raise ValueError(_("range not supported on Non MLS machines"))
 				serange = a
 
 			if o == "-l" or o == "--list":
 				list = True
 
 			if o == "-L" or o == '--level':
-				if is_mls_enabled == 0:
-                                       raise ValueError(_("range not supported on Non MLS machines"))
 				selevel = a
 
 			if o == "-p" or o == '--proto':

diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py index c5379ac..8bf188a 100644
--- a/policycoreutils/semanage/seobject.py +++ b/policycoreutils/semanage/seobject.py
@@ -35,14 +35,13 @@ except IOError:
        import __builtin__
        __builtin__.__dict__['_'] = unicode

-is_mls_enabled = selinux.is_selinux_mls_enabled() -
 import syslog  

 handle = None  

 def get_handle(store): 

        global handle
+       global is_mls_enabled
 
        handle = semanage_handle_create()
        if not handle:


@@ -63,7 +62,13 @@ def get_handle(store):

        rc = semanage_connect(handle)
        if rc < 0:
               semanage_handle_destroy(handle)
-              raise ValueError(_("Could not establish semanage connection"))       
+              raise ValueError(_("Could not establish semanage connection"))
+
+       is_mls_enabled = semanage_mls_enabled(handle)
+       if is_mls_enabled < 0:
+              semanage_handle_destroy(handle)
+              raise ValueError(_("Could not test MLS enabled status"))
+
        return handle

 file_types = {}
@@ -192,8 +197,6 @@ def untranslate(trans, prepend = 1):
         

 class setransRecords: 

 	def __init__(self):
-		if not is_mls_enabled:
-			raise ValueError(_("translations not supported on non-MLS machines"))			
 		self.filename = selinux.selinux_translations_path()
 		try:
 			fd = open(self.filename, "r")


-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Wed 12 Nov 2008 - 09:44:46 EST
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

  
bottom
National Security Agency / Central Security Service