Signed-off-by: Leonidas Da Silva Barbosa <leosilva(a)linux.vnet.ibm.com>
---
policycoreutils/sepolicy/sepolicy.py | 52 ++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
index 74fb347..abc6341 100755
--- a/policycoreutils/sepolicy/sepolicy.py
+++ b/policycoreutils/sepolicy/sepolicy.py
@@ -620,6 +620,57 @@ def gen_generate_args(parser):
help=_("executable to confine"))
pol.set_defaults(func=generate)
+
+def admin(args):
+ from sepolicy import seadmin
+
+ if args.add and args.adminrole and args.login:
+ seisolate.create_user(args.adminrole, args.login, args.user)
+ seisolate.link(args.adminrole, args.login, args.commands)
+ elif args.add and not args.adminrole or args.login:
+ print("Role and LOGIN must be specified")
+ sys.exit(1)
+
+ if args.modify and args.adminrole and args.user:
+ seisolate.modify(args.user, args.adminrole)
+ elif args.modify and not args.adminrole or not args.user:
+ print("A user and a role must be specified")
+ sys.exit(1)
+
+ if args.delete and args.user and args.login:
+ seisolate.delete(args.user, args.login)
+ elif args.delete and not args.user or not args.login:
+ print("An user and a LOGIN must the specified")
+ sys.exit(1)
+
+
+def gen_admin_args(parser):
+ admin = parser.add_parser("admin",
+ help=_("Create a link between LOGIN and admin
user"))
+ admin.add_argument("-a", "--add", dest="add",
+ action="store_true", default=False,
+ help=_("Add a new admin user"))
+ admin.add_argument("-u", "--user", dest="user",
+ action="store",
+ help=_("Receive an admin user if passed"))
+ admin.add_argument("-r", "--role", dest="adminrole",
+ action=CheckRole,
+ help=_("Receive an admin role name"))
+ admin.add_argument("-l", "--login", dest="login",
+ action="store",
+ help=_("Receive a LOGIN to create the admin user"))
+ admin.add_argument("-m", "--modify", dest="modify",
+ action="store_true", default=False,
+ help=_("Modify a given admin user"))
+ admin.add_argument("-d", "--delete", dest="delete",
+ action="store_true", default=False,
+ help=_("Delete a given admin user and a LOGIN"))
+ admin.add_argument("-e", "--extend", dest="commands",
+ actions="store", default="ALL",
+ help=_("Receive commands to set in sudoers file"))
+ admin.set_defaults(func=admin)
+
+
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='SELinux Policy Inspection
Tool')
subparsers = parser.add_subparsers(help=_("commands"))
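Review bot: In `admin()` the three `elif` guards group by precedence as `(args.add and not args.adminrole) or args.login`, `(...) or not args.user` and `(...) or not args.login`, so they fire regardless of which action was selected. For example, `-d -u U -l L` exits at the first guard because `args.login` is set, and an `--add` without `-u` reaches `not args.user` and exits 1 only after `create_user` and `link` have already run. The function also imports `seadmin` but calls `seisolate`, which is not bound anywhere in this hunk. In `gen_admin_args()` the local `admin` shadows the handler, so `set_defaults(func=admin)` stores the sub-parser instead of the function, and `actions="store"` on `--extend` is not an argparse keyword, so `add_argument` will raise when the parser is built. Because this command changes role mappings and, per its help text, sudoers content, I would put `-a/-m/-d` in a required mutually exclusive group, finish validation before any change is made, and reconsider `default="ALL"` for `--extend` so that a broad grant has to be requested explicitly.

```python
def admin(args):
    # the import and the call sites must name the same module;
    # the hunk mixes seadmin and seisolate
    from sepolicy import seisolate

    # validate the selected action completely before changing users or sudoers
    if args.add:
        if not (args.adminrole and args.login):
            print("Role and LOGIN must be specified")
            sys.exit(1)
        seisolate.create_user(args.adminrole, args.login, args.user)
        seisolate.link(args.adminrole, args.login, args.commands)
    elif args.modify:
        # ... same shape: require adminrole and user, then seisolate.modify(...) ...
    elif args.delete:
        # ... same shape: require user and login, then seisolate.delete(...) ...


def gen_admin_args(parser):
    # distinct name so the module-level admin() handler is not shadowed
    admin_parser = parser.add_parser("admin",
                                     help=_("Create a link between LOGIN and admin user"))
    action = admin_parser.add_mutually_exclusive_group(required=True)
    action.add_argument("-a", "--add", dest="add",
                        action="store_true", default=False,
                        help=_("Add a new admin user"))
    # ... -m/--modify and -d/--delete join the same group, otherwise unchanged ...
    # ... unchanged: -u/--user, -r/--role, -l/--login ...
    admin_parser.add_argument("-e", "--extend", dest="commands",
                              action="store", default="ALL",
                              help=_("Receive commands to set in sudoers file"))
    admin_parser.set_defaults(func=admin)
```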
@@ -634,6 +685,7 @@ if __name__ == '__main__':
gen_manpage_args(subparsers)
gen_network_args(subparsers)
gen_transition_args(subparsers)
+ gen_admin_args(subparsers)
try:
if os.path.basename(sys.argv[0]) == "sepolgen":
--
1.8.3.1