%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /usr/lib/python2.7/site-packages/salt/states/
Upload File :
Create Path :
Current File : //usr/lib/python2.7/site-packages/salt/states/selinux.pyo

�
���^c@@s�dZddlmZmZmZddlmZd�Zd�Zd�Z	d�Z
d�Zed	�Z
d
dd�Zd
�Zd�Zdddd�Zddddd�Zed�Zdddd�Zdddd�ZdS(u�
Management of SELinux rules
===========================

If SELinux is available for the running system, the mode can be managed and
booleans can be set.

.. code-block:: yaml

    enforcing:
        selinux.mode

    samba_create_home_dirs:
        selinux.boolean:
          - value: True
          - persist: True

    nginx:
        selinux.module:
          - enabled: False

.. note::
    Use of these states require that the :mod:`selinux <salt.modules.selinux>`
    execution module is available.
i(tabsolute_importtunicode_literalstprint_function(tsixcC@sdtkrdStS(uL
    Only make this state available if the selinux module is available.
    uselinux.getenforceuselinux(t__salt__tFalse(((s7/usr/lib/python2.7/site-packages/salt/states/selinux.pyt__virtual__"scC@s�tj|�j�}t|jd�|dk|dkg�rCdSt|jd�|dk|dkg�rqdSt|jd	�g�r�d
SdS(u1
    Return a mode value that is predictable
    ueu1uonu	Enforcingupu0uoffu
PermissiveuduDisableduunknown(Rt	text_typetlowertanyt
startswith(tmode((s7/usr/lib/python2.7/site-packages/salt/states/selinux.pyt_refine_mode)s		cC@s9tj|�j�}|d	kr%dS|d
kr5dSdS(u@
    Return a yes/no value, or None if the input is invalid
    u1uonuyesutrueu0uoffunoufalse(u1uonuyesutrue(u0uoffunoufalseN(RRRtNone(tvalue((s7/usr/lib/python2.7/site-packages/salt/states/selinux.pyt
_refine_value;scC@s9tj|�j�}|dkr%dS|d
kr5d
SdS(u]
    Return a predictable value, or allow us to error out
    .. versionadded:: 2016.3.0
    u1uonuyesutrueuenabledu0uoffunoufalseudisableduunknown(u1uonuyesutrueuenabled(u0uoffunoufalseudisabled(RRR(tmodule_state((s7/usr/lib/python2.7/site-packages/salt/states/selinux.pyt_refine_module_stateGscC@s�i|d6td6dd6id6}t|�}|dkrQdj|�|d<|Std�}td	�}||kr�||kr�||kr�|}n||kr�t|d<d
j|�|d<|Stdrdj|�|d<d|d<i|d
6|d6|d<|S|td|�}}||ksJ|dkr�td	�|kr�t|d<dj|�|d<i|d
6|d6|d<|Sdj|�|d<|S(u<
    Verifies the mode SELinux is running in, can be set to enforcing,
    permissive, or disabled

    .. note::
        A change to or from disabled mode requires a system reboot. You will
        need to perform this yourself.

    name
        The mode to run SELinux in, permissive, enforcing, or disabled.
    unameuresultuucommentuchangesuunknownu{0} is not an accepted modeuselinux.getenforceuselinux.getconfiguSELinux is already in {0} modeutestu(SELinux mode is set to be changed to {0}uoldunewuselinux.setenforceuDisabledu SELinux has been set to {0} modeu!Failed to set SELinux to {0} modeN(RRtformatRtTruet__opts__R
(tnametretttmodeRtconfigtoldmode((s7/usr/lib/python2.7/site-packages/salt/states/selinux.pyRTs@



$	




+

cC@s�i|d6td6dd6id6}td�}||kr\dj|�|d<t|d<|St|�}|dkr�dj|�|d<t|d<|S||d	|k}||d
|k}|r�|r�|r�d|d<|Sn|r�d|d<|Stdr"d|d<d
j||�|d<|Std|||�|d<|dr�dj||�|d<|djii||d	d6|d6d	6�|r�|r�|djii||d
d6|d6d
6�n|Sdj||�|d<|S(u�
    Set up an SELinux boolean

    name
        The name of the boolean to set

    value
        The value to set on the boolean

    persist
        Defaults to False, set persist to true to make the boolean apply on a
        reboot
    unameuresultuucommentuchangesuselinux.list_sebooluBoolean {0} is not availableu({0} is not a valid value for the booleanuStateuDefaultuBoolean is in the correct stateutestu'Boolean {0} is set to be changed to {1}uselinux.setsebooluBoolean {0} has been set to {1}uoldunewu$Failed to set the boolean {0} to {1}N(RRRRRR
Rtupdate(RRtpersistRtboolstrvaluetstatetdefault((s7/usr/lib/python2.7/site-packages/salt/states/selinux.pytboolean�sP











uEnableduanyc
K@s4i|d6td6dd6id6}|jdt�r^|jdt�r^t|d<d|d<|S|jdt�r�|jd	|�}t|�}|ds�|Sn|jdt�r�t|�Std
�}||kr�dj|�|d<t|d<|St|�}|dkr1d
j|t�|d<t|d<|S|dkr~||d}||ks~dj||�|d<t|d<|Snt||d�}	||	kr�dj|�|d<|St	dr�d|d<dj||�|d<|Std||�rdj||�|d<|St|d<dj||�|d<|S(u;
    Enable/Disable and optionally force a specific version for an SELinux module

    name
        The name of the module to control

    module_state
        Should the module be enabled or disabled?

    version
        Defaults to no preference, set to a specified value if required.
        Currently can only alert if the version is incorrect.

    install
        Setting to True installs module

    source
        Points to module source file, used only when install is True

    remove
        Setting to True removes module

    .. versionadded:: 2016.3.0
    unameuresultuucommentuchangesuinstalluremoveu*Cannot install and remove at the same timeusourceuselinux.list_semoduModule {0} is not availableuunknownu,{0} is not a valid state for the {1} module.uanyuVersionudModule version is {0} and does not match the desired version of {1} or you are using semodule >= 2.4uEnabledu"Module {0} is in the desired stateutestu&Module {0} is set to be toggled to {1}uselinux.setsemoduModule {0} has been set to {1}u#Failed to set the Module {0} to {1}N(RtgetRtmodule_installt
module_removeRRRtmoduleRR
(
RRtversiontoptsRtmodule_pathtmodulest
rmodule_statetinstalled_versiontcurrent_module_state((s7/usr/lib/python2.7/site-packages/salt/states/selinux.pyR$�s`

$










cC@sji|d6td6dd6id6}td|�rIdj|�|d<|St|d<dj|�|d<|S(	u�
    Installs custom SELinux module from given file

    name
        Path to file with module to install

    .. versionadded:: 2016.11.6
    unameuresultuucommentuchangesuselinux.install_semoduModule {0} has been installeduFailed to install module {0}(RRRR(RR((s7/usr/lib/python2.7/site-packages/salt/states/selinux.pyR"s	


cC@s�i|d6td6dd6id6}td�}||kr\dj|�|d<t|d<|Std|�r�d	j|�|d<|St|d<d
j|�|d<|S(ut
    Removes SELinux module

    name
        The name of the module to remove

    .. versionadded:: 2016.11.6
    unameuresultuucommentuchangesuselinux.list_semoduModule {0} is not availableuselinux.remove_semoduModule {0} has been removeduFailed to remove module {0}(RRRR(RRR(((s7/usr/lib/python2.7/site-packages/salt/states/selinux.pyR#$s	




uacC@sni|d6td6id6dd6}i}i}td|�}tdd|d	|d
|d|d|�}	|	sii|d
6|d6|6}tdr�|jidd6�q2tdd|d	|d
|d|d|�}
|
ddkr|jidj|
�d6�q2|jitd6�n|	d|krj|jii|	dd6|6�|jii|d6|6�n8|jitd6dj|�dj||�d6�|Stdr�|jidd6�notdd|d	|d
|d|d|�}|ddkr|jidj|�d6�n|jitd6�|drj|sH|rj|dji|d6|d6�n|S(u"
    .. versionadded:: 2017.7.0

    Makes sure a SELinux policy for a given filespec (name), filetype
    and SELinux context type is present.

    name
        filespec of the file or directory. Regex syntax is allowed.

    sel_type
        SELinux context type. There are many.

    filetype
        The SELinux filetype specification. Use one of [a, f, d, c, b,
        s, l, p]. See also `man semanage-fcontext`. Defaults to 'a'
        (all files).

    sel_user
        The SELinux user.

    sel_level
        The SELinux MLS range.
    unameuresultuchangesuucommentuselinux.filetype_id_to_stringuselinux.fcontext_get_policyRtfiletypetsel_typetsel_usert	sel_levelufiletypeusel_typeutestuselinux.fcontext_add_policyuretcodeiuError adding new rule: {0}u)SELinux policy for "{0}" already present u1with specified filetype "{0}" and sel_type "{1}".uoldunewN(RRRRR
RR(RR-R,R.R/Rt	new_statet	old_statetfiletype_strt
current_statetadd_rett
change_ret((s7/usr/lib/python2.7/site-packages/salt/states/selinux.pytfcontext_policy_present>s\"
	

	 

	 "c
C@shi|d6td6id6dd6}i}i}tdd|d|d	|d
|d|�}|s�|jitd6dj|�d
j||�d6�|S|ji||6�|dji|d6|d6�tdr�|jidd6�nytdd|d|d	|p|dd
|d|�}	|	ddkrP|jidj|	�d6�n|jitd6�|S(u3
    .. versionadded:: 2017.7.0

    Makes sure an SELinux file context policy for a given filespec
    (name), filetype and SELinux context type is absent.

    name
        filespec of the file or directory. Regex syntax is allowed.

    filetype
        The SELinux filetype specification. Use one of [a, f, d, c, b,
        s, l, p]. See also `man semanage-fcontext`. Defaults to 'a'
        (all files).

    sel_type
        The SELinux context type. There are many.

    sel_user
        The SELinux user.

    sel_level
        The SELinux MLS range.
    unameuresultuchangesuucommentuselinux.fcontext_get_policyRR,R-R.R/u(SELinux policy for "{0}" already absent u1with specified filetype "{0}" and sel_type "{1}".uoldunewutestuselinux.fcontext_delete_policyusel_typeuretcodeiuError removing policy: {0}N(RRRRRRR
(
RR,R-R.R/RR0R1R3t
remove_ret((s7/usr/lib/python2.7/site-packages/salt/states/selinux.pytfcontext_policy_absent�s<"
	

	 cC@s�i|d6td6id6dd6}td||�}|dkri|jitd6dj|�d6�|Stdr�|jidd6�nktd	||�}|d
dkr�|ji|d6�n1|jitd6�|ji|jd�d6�|S(
uz
    .. versionadded:: 2017.7.0

    Checks and makes sure the SELinux policies for a given filespec are
    applied.
    unameuresultuchangesuucommentu"selinux.fcontext_policy_is_appliedu7SElinux policies are already applied for filespec "{0}"utestuselinux.fcontext_apply_policyuretcodeiN(RRRRRRR
R!(Rt	recursiveRtchanges_textt	apply_ret((s7/usr/lib/python2.7/site-packages/salt/states/selinux.pytfcontext_policy_applied�s"
c	C@s`i|d6td6id6dd6}tdd|d|d	|d
|�}|r�|jitd6dj|�dj|||�d6�|Std
r�|jidd6�n�tdd|d|d	|d
|d|�}|ddkr|jidj|�d6�nX|jitd6�tdd|d|d	|d
|�}|dji|d6|d6�|S(u
    .. versionadded:: 2019.2.0

    Makes sure an SELinux port policy for a given port, protocol and SELinux context type is present.

    name
        The protocol and port spec. Can be formatted as ``(tcp|udp)/(port|port-range)``.

    sel_type
        The SELinux Type.

    protocol
        The protocol for the port, ``tcp`` or ``udp``. Required if name is not formatted.

    port
        The port or port range. Required if name is not formatted.

    sel_range
        The SELinux MLS/MCS Security Range.
    unameuresultuchangesuucommentuselinux.port_get_policyRR-tprotocoltportu)SELinux policy for "{0}" already present u=with specified sel_type "{0}", protocol "{1}" and port "{2}".utestuselinux.port_add_policyt	sel_rangeuretcodeiuError adding new policy: {0}uoldunewN(RRRRRRR
(	RR-R=R>R?RR1R4R0((s7/usr/lib/python2.7/site-packages/salt/states/selinux.pytport_policy_present�s<"
	

	 
	c	C@sTi|d6td6id6dd6}tdd|d|d	|d
|�}|s�|jitd6dj|�dj|||�d6�|Std
r�|jidd6�n�tdd|d	|d
|�}|ddkr�|jidj|�d6�nX|jitd6�tdd|d|d	|d
|�}|dji|d6|d6�|S(u4
    .. versionadded:: 2019.2.0

    Makes sure an SELinux port policy for a given port, protocol and SELinux context type is absent.

    name
        The protocol and port spec. Can be formatted as ``(tcp|udp)/(port|port-range)``.

    sel_type
        The SELinux Type. Optional; can be used in determining if policy is present,
        ignored by ``semanage port --delete``.

    protocol
        The protocol for the port, ``tcp`` or ``udp``. Required if name is not formatted.

    port
        The port or port range. Required if name is not formatted.
    unameuresultuchangesuucommentuselinux.port_get_policyRR-R=R>u(SELinux policy for "{0}" already absent u=with specified sel_type "{0}", protocol "{1}" and port "{2}".utestuselinux.port_delete_policyuretcodeiuError deleting policy: {0}uoldunewN(RRRRRRR
(RR-R=R>RR1t
delete_retR0((s7/usr/lib/python2.7/site-packages/salt/states/selinux.pytport_policy_absents8"
	

	 
	N(t__doc__t
__future__RRRtsalt.extRRRRRRRR R$R"R#R
R6R8R<R@RB(((s7/usr/lib/python2.7/site-packages/salt/states/selinux.pyt<module>s 				
	4:M		Q;7

Zerion Mini Shell 1.0