From eafe62886f8941e249d8eceaee732d3b35e19616 Mon Sep 17 00:00:00 2001
From: Pino Toscano
Date: Thu, 29 Nov 2018 11:22:28 +0100
Subject: [PATCH] New lens: Semanage (#594)
Introduce a new lens to parse /etc/selinux/semanage.conf instead of using Simplevars: the latter cannot handle the more complex syntax of groups introduced in newer versions of libsemanage.
---
 lenses/semanage.aug | 37 ++++++++++++++++
 lenses/simplevars.aug | 1 -
 lenses/tests/test_semanage.aug | 81 ++++++++++++++++++++++++++++++++++
 tests/Makefile.am | 1 +
 4 files changed, 119 insertions(+), 1 deletion(-)
 create mode 100644 lenses/semanage.aug
 create mode 100644 lenses/tests/test_semanage.aug
diff --git a/lenses/semanage.aug b/lenses/semanage.aug
new file mode 100644
index 00000000..46f93b32
--- /dev/null
+++ b/lenses/semanage.aug
@@ -0,0 +1,37 @@
+(*
+Module: Semanage
+ Parses /etc/selinux/semanage.conf
+
+Author:
+ Pino Toscano
+
+About: License
+ This file is licenced under the LGPL v2+, like the rest of Augeas.
+
+About: Configuration files
+ This lens applies to /etc/selinux/semanage.conf. See .
+
+About: Examples
+ The file contains various examples and tests.
+*)
+
+module Semanage =
+ autoload xfm
+
+let comment = IniFile.comment "#" "#"
+let sep = IniFile.sep "=" "="
+let empty = IniFile.empty
+let eol = IniFile.eol
+
+let entry = IniFile.entry IniFile.entry_re sep comment
+ | empty
+
+let title = IniFile.title_label "@group" (IniFile.record_re - /^end$/)
+let record = [ title . entry+ . Util.del_str "[end]" . eol ]
+
+let lns = (entry | record)*
+
+(* Variable: filter *)
+let filter = incl "/etc/selinux/semanage.conf"
+
+let xfm = transform lns filter
diff --git a/lenses/simplevars.aug b/lenses/simplevars.aug
index ad9795f0..6e6547cc 100644
--- a/lenses/simplevars.aug
+++ b/lenses/simplevars.aug
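Review bot: In lenses/semanage.aug, `record` accepts a group only as `title . entry+` followed by the literal `[end]`, so a group with nothing between its title and `[end]`, or one whose terminator is missing, makes the whole of /etc/selinux/semanage.conf fail to parse rather than just that group. Because the same commit removes the file from Simplevars, a parse failure leaves no nodes at all for settings such as `expand-check` or a group's `path`/`args`, which an audit can easily misread as "not set". I would document the accepted grammar above `record`, e.g. `(* View: record - "[name]", one or more entries, then a literal "[end]" line *)`, and tell consumers to check `/augeas/files/etc/selinux/semanage.conf/error`. It is also worth confirming that `/^end$/` in `title` excludes the name `end` as intended: Augeas regexps already match the whole string and I am not certain `^` and `$` act as anchors there, so `IniFile.record_re - /end/` would state the intent without relying on them.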
@@ -46,6 +46,5 @@ let filter = incl "/etc/kernel-img.conf" . incl "/etc/audit/auditd.conf" . incl "/etc/mixerctl.conf" . incl "/etc/wsconsctlctl.conf" - . incl "/etc/selinux/semanage.conf" let xfm = transform lns filter diff --git a/lenses/tests/test_semanage.aug b/lenses/tests/test_semanage.aug new file mode 100644 index 00000000..a6ceaca0 --- /dev/null +++ b/lenses/tests/test_semanage.aug 
@@ -0,0 +1,81 @@
+(*
+Module: Test_Semanage
+ Provides unit tests and examples for the lens.
+*)
+
+module Test_Semanage =
+
+(* Variable: phony_conf *)
+let phony_conf = "# this is a comment
+
+mykey = myvalue # eol comment
+anotherkey = another value
+"
+
+(* Test: Semanage.lns *)
+test Semanage.lns get phony_conf =
+ { "#comment" = "this is a comment" }
+ { }
+ { "mykey" = "myvalue"
+ { "#comment" = "eol comment" } }
+ { "anotherkey" = "another value" }
+
+(* Test: Semanage.lns
+ Quotes are OK in variables that do not begin with a quote *)
+test Semanage.lns get "UserParameter=custom.vfs.dev.read.ops[*],cat /proc/diskstats | grep $1 | head -1 | awk '{print $$4}'\n" =
+ { "UserParameter" = "custom.vfs.dev.read.ops[*],cat /proc/diskstats | grep $1 | head -1 | awk '{print $$4}'" }
+
+(* Test: Semanage.lns
+ Support empty values *)
+test Semanage.lns get "foo =\n" =
+ { "foo" }
+
+(* Variable: conf *)
+let conf = "module-store = direct
+module-store = \"source\"
+
+#policy-version = 19
+
+expand-check=0
+
+usepasswd=False
+bzip-small=true
+bzip-blocksize=5
+ignoredirs=/root
+
+[sefcontext_compile]
+path = /usr/sbin/sefcontext_compile
+args = -r $@
+
+[end]
+
+config=test
+
+[verify module]
+test=value
+[end]
+"
+
+(* Test: Semanage.lns *)
+test Semanage.lns get conf =
+ { "module-store" = "direct" }
+ { "module-store" = "source" }
+ { }
+ { "#comment" = "policy-version = 19" }
+ { }
+ { "expand-check" = "0" }
+ { }
+ { "usepasswd" = "False" }
+ { "bzip-small" = "true" }
+ { "bzip-blocksize" = "5" }
+ { "ignoredirs" = "/root" }
+ { }
+ { "@group" = "sefcontext_compile"
+ { "path" = "/usr/sbin/sefcontext_compile" }
+ { "args" = "-r $@" }
+ { } }
+ { }
+ { "config" = "test" }
+ { }
+ { "@group" = "verify module"
+ { "test" = "value" } }
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 8e035e91..2b87c1c7 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
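Review bot: The tests in lenses/tests/test_semanage.aug exercise only `get` on well-formed input, so nothing pins how the lens behaves on an unclosed group or on writes. I would add a negative case such as `test Semanage.lns get "[verify module]\ntest=value\n" = *`, plus a `put` case that changes a value inside a group and checks that the `[end]` line is written back. The `UserParameter` case looks carried over from another lens's tests and does not resemble semanage.conf content; a line taken from the real file would document the lens better.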
@@ -186,6 +186,7 @@ lens_tests = \
 lens-rx.sh \
 lens-samba.sh \
 lens-securetty.sh \
+ lens-semanage.sh \
 lens-services.sh \
 lens-shadow.sh \
 lens-shells.sh \
-- 
2.17.2