[selinux-policy] Fix genman.py script to descrite nsswitch_domain booleans for domain types

Miroslav Grepl mgrepl at fedoraproject.org
Mon Jul 23 14:39:17 UTC 2012 

commit 9c935861d2c7d8ba9f020e4c0bebba8139b956b3
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Mon Jul 23 16:38:28 2012 +0200

    Fix genman.py script to descrite nsswitch_domain booleans for domain types

 genman.py |   49 +++++++++++++++++++++++++++++++++++++++++++------
 1 files changed, 43 insertions(+), 6 deletions(-)
---
diff --git a/genman.py b/genman.py
index 1366c7a..e7c7572 100755
--- a/genman.py
+++ b/genman.py
@@ -27,9 +27,11 @@ import datetime
 import setools
 import sys
 
+all_attributes = map(lambda x: x['name'], setools.seinfo(setools.ATTRIBUTE))
 entrypoints =  setools.seinfo(setools.ATTRIBUTE,"entry_type")[0]["types"]
 alldomains =  setools.seinfo(setools.ATTRIBUTE,"domain")[0]["types"]
 domains = []
+
 for d in alldomains:
     found = False
     if d[:-2] + "_exec_t" not in entrypoints:
@@ -76,8 +78,16 @@ class ManPage:
         self.anon_list = []
         self.fd = open("%s/%s_selinux.8" % (path, domainname), 'w')
 
+        self.attributes = {}
+        self.ptypes = []
+        self.get_ptypes()
+
+        for domain_type in self.ptypes:
+            self.attributes[domain_type] = setools.seinfo(setools.TYPE,("%s") % domain_type)[0]["attributes"]
+
         self.header()
         self.booleans()
+        self.nsswitch_domain()
         self.public_content()
         self.file_context()
         self.port_types()
@@ -85,6 +95,11 @@ class ManPage:
         self.footer()
         self.fd.close()
 
+    def get_ptypes(self):
+        for f in alldomains:
+            if f.startswith(self.short_name):
+                self.ptypes.append(f)
+
     def header(self):
         self.fd.write('.TH  "%(domainname)s_selinux"  "8"  "%(domainname)s" "dwalsh at redhat.com" "%(domainname)s SELinux Policy documentation"'
                  % {'domainname':self.domainname})
@@ -213,12 +228,34 @@ SELinux policy is customizable based on least access required.  %s policy is ext
 
             self.fd.write(self.booltext)
 
+    def nsswitch_domain(self):
+        nsswitch_types = []
+        nsswitch_booleans = ['authlogin_nsswitch_use_ldap', 'allow_kerberos','allow_ypbind']
+        nsswitchbooltext = ""
+        if "nsswitch_domain" in all_attributes:
+            self.fd.write("""
+.SH NSSWITCH DOMAIN
+""")
+            for k in self.attributes.keys():    
+                if "nsswitch_domain" in self.attributes[k]:
+                    nsswitch_types.append(k)
+
+            if len(nsswitch_types):
+                for i in nsswitch_booleans:
+                    desc = seobject.booleans_dict[i][2][0].lower() + seobject.booleans_dict[i][2][1:-1]
+                    nsswitchbooltext += """
+.PP
+If you want to %s for the %s, you must turn on the %s boolean.
+
+.EX
+setsebool -P %s 1
+.EE
+""" % (desc,(", ".join(nsswitch_types)), i, i)
+
+        self.fd.write(nsswitchbooltext)
+
     def process_types(self):
-        ptypes = []
-        for f in alldomains:
-            if f.startswith(self.short_name):
-                ptypes.append(f)
-        if len(ptypes) == 0:
+        if len(self.ptypes) == 0:
             return
         self.fd.write(r"""
 .SH PROCESS TYPES
@@ -234,7 +271,7 @@ The following process types are defined for %(domainname)s:
         self.fd.write("""
 .EX
 .B %s 
-.EE""" % ", ".join(ptypes))
+.EE""" % ", ".join(self.ptypes))
         self.fd.write("""
 .PP
 Note:

More information about the scm-commits mailing list