[selinux-policy: 426/3172] change modules.conf handling

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:41:34 UTC 2010 

commit a4c639ddd5f63231fe37a5692c6af77185fbffd9
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Jun 28 15:19:40 2005 +0000

    change modules.conf handling

 refpolicy/support/sedoctool.py |   44 +++++++++++++++++++++++++++++++++++----
 1 files changed, 39 insertions(+), 5 deletions(-)
---
diff --git a/refpolicy/support/sedoctool.py b/refpolicy/support/sedoctool.py
index 0efce0c..320b63a 100755
--- a/refpolicy/support/sedoctool.py
+++ b/refpolicy/support/sedoctool.py
@@ -19,6 +19,10 @@ import os
 import string
 from xml.dom.minidom import parse, parseString
 
+#modules.conf default enabled and disabled values
+ENABLED = "on"
+DISABLED = "off"
+
 def read_policy_xml(filename):
 	try:
 		xml_fh = open(filename)
@@ -50,10 +54,12 @@ def gen_tunable_conf(doc, file):
 	            		file.write("%s = %s\n\n" % (tun_name, tun_val))
 				tun_name = tun_val = None
 
-def gen_module_conf(doc, file):
+def gen_module_conf(doc, file, old_conf):
+	# If file exists, preserve settings and modify if needed.
+	# Otherwise, create it.
 	file.write("#\n# This file contains a listing of available modules.\n")
 	file.write("# To prevent a module from  being used in policy\n")
-	file.write("# creation, uncomment the line with its name.\n#\n")
+	file.write("# creation, set the module name to %s.\n#\n" % DISABLED)
 	for node in doc.getElementsByTagName("module"):
 		mod_name = mod_layer = None
 
@@ -67,8 +73,27 @@ def gen_module_conf(doc, file):
 				continue
 			s = string.split(format_txt_desc(desc), "\n")
 			for line in s:
-				file.write("# %s\n" % line)	
-			file.write("#%s\n\n" % mod_name)
+				file.write("# %s\n" % line)
+
+			if mod_name in old_conf:
+				file.write("%s = %s\n\n" % (mod_name, DISABLED))
+			else:
+				file.write("%s = %s\n\n" % (mod_name, ENABLED))
+
+def get_old_conf(conf):
+	'''
+	Returns the disabled modules in the config file.
+	'''
+
+	conf_lines = conf.readlines()
+
+	module_list = []
+	for line in conf_lines:
+		if line.strip() != '' and line.strip()[0] != "#":
+			module = line.strip().split("=")
+			if module[1].strip() == DISABLED:
+				module_list.append(module[0].strip())
+	return module_list
 
 def stupid_cmp(a, b):
 	return cmp(a[0], b[0])
@@ -367,11 +392,20 @@ if tunables:
 
 
 if modules:
+	old_conf = []
+	if os.path.exists(modules):
+		try:
+			conf = open(modules, 'r')
+		except:
+			error("Could not open modules file for reading")
+		old_conf = get_old_conf(conf)	
+		conf.close()
+
 	try:
 		conf = open(modules, 'w')
 	except:
 		error("Could not open modules file for writing")
-	gen_module_conf(doc, conf)
+	gen_module_conf(doc, conf, old_conf)
 	conf.close()
 
 if docsdir:

More information about the scm-commits mailing list