当前位置: 首页>>代码示例>>Python>>正文


Python selinux.is_selinux_enabled方法代码示例

本文整理汇总了Python中selinux.is_selinux_enabled方法的典型用法代码示例。如果您正苦于以下问题:Python selinux.is_selinux_enabled方法的具体用法?Python selinux.is_selinux_enabled怎么用?Python selinux.is_selinux_enabled使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在selinux的用法示例。


在下文中一共展示了selinux.is_selinux_enabled方法的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: main

# 需要导入模块: import selinux [as 别名]
# 或者: from selinux import is_selinux_enabled [as 别名]
def main():
    module = AnsibleModule(
        argument_spec = dict(
                target  = dict(required=True, aliases=['path']),
                ftype   = dict(required=False, choices=option_to_file_type_str.keys(), default='a'),
                setype  = dict(required=True),
                seuser  = dict(required=False, default=None),
                selevel = dict(required=False, default=None, aliases=['serange']),
                state   = dict(required=False, choices=['present', 'absent'], default='present'),
                reload  = dict(required=False, type='bool', default='yes'),
            ),
        supports_check_mode = True,
    )
    if not HAVE_SELINUX:
        module.fail_json(msg="This module requires libselinux-python")

    if not HAVE_SEOBJECT:
        module.fail_json(msg="This module requires policycoreutils-python")

    if not selinux.is_selinux_enabled():
        module.fail_json(msg="SELinux is disabled on this host.")

    target = module.params['target']
    ftype = module.params['ftype']
    setype = module.params['setype']
    seuser = module.params['seuser']
    serange = module.params['selevel']
    state = module.params['state']
    do_reload = module.params['reload']

    result = dict(target=target, ftype=ftype, setype=setype, state=state)

    # Convert file types to (internally used) strings
    ftype = option_to_file_type_str[ftype]

    if state == 'present':
        semanage_fcontext_modify(module, result, target, ftype, setype, do_reload, serange, seuser)
    elif state == 'absent':
        semanage_fcontext_delete(module, result, target, ftype, do_reload)
    else:
        module.fail_json(msg='Invalid value of argument "state": {0}'.format(state)) 
开发者ID:YoLoveLife,项目名称:DevOps,代码行数:43,代码来源:sefcontext.py

示例2: selinux_enabled

# 需要导入模块: import selinux [as 别名]
# 或者: from selinux import is_selinux_enabled [as 别名]
def selinux_enabled(self):
        if not HAVE_SELINUX:
            seenabled = self.get_bin_path('selinuxenabled')
            if seenabled is not None:
                (rc,out,err) = self.run_command(seenabled)
                if rc == 0:
                    self.fail_json(msg="Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!")
            return False
        if selinux.is_selinux_enabled() == 1:
            return True
        else:
            return False

    # Determine whether we need a placeholder for selevel/mls 
开发者ID:YoLoveLife,项目名称:DevOps,代码行数:16,代码来源:basic.py

示例3: get_selinux_facts

# 需要导入模块: import selinux [as 别名]
# 或者: from selinux import is_selinux_enabled [as 别名]
def get_selinux_facts(self):
        if not HAVE_SELINUX:
            self.facts['selinux'] = False
            return
        self.facts['selinux'] = {}
        if not selinux.is_selinux_enabled():
            self.facts['selinux']['status'] = 'disabled'
        else:
            self.facts['selinux']['status'] = 'enabled'
            try:
                self.facts['selinux']['policyvers'] = selinux.security_policyvers()
            except OSError:
                self.facts['selinux']['policyvers'] = 'unknown'
            try:
                (rc, configmode) = selinux.selinux_getenforcemode()
                if rc == 0:
                    self.facts['selinux']['config_mode'] = Facts.SELINUX_MODE_DICT.get(configmode, 'unknown')
                else:
                    self.facts['selinux']['config_mode'] = 'unknown'
            except OSError:
                self.facts['selinux']['config_mode'] = 'unknown'
            try:
                mode = selinux.security_getenforce()
                self.facts['selinux']['mode'] = Facts.SELINUX_MODE_DICT.get(mode, 'unknown')
            except OSError:
                self.facts['selinux']['mode'] = 'unknown'
            try:
                (rc, policytype) = selinux.selinux_getpolicytype()
                if rc == 0:
                    self.facts['selinux']['type'] = policytype
                else:
                    self.facts['selinux']['type'] = 'unknown'
            except OSError:
                self.facts['selinux']['type'] = 'unknown' 
开发者ID:YoLoveLife,项目名称:DevOps,代码行数:36,代码来源:facts.py

示例4: default_container_context

# 需要导入模块: import selinux [as 别名]
# 或者: from selinux import is_selinux_enabled [as 别名]
def default_container_context():
    if selinux.is_selinux_enabled() != 0:
        fd = open(selinux.selinux_lxc_contexts_path())
        for i in fd.readlines():
            name, context = i.split("=")
            if name.strip() == "file":
                return context.strip("\n\" ")
    return "" 
开发者ID:RedHatInsights,项目名称:insights-core,代码行数:10,代码来源:util.py

示例5: selinux_enabled

# 需要导入模块: import selinux [as 别名]
# 或者: from selinux import is_selinux_enabled [as 别名]
def selinux_enabled(self):
        if not HAVE_SELINUX:
            seenabled = self.get_bin_path('selinuxenabled')
            if seenabled is not None:
                (rc, out, err) = self.run_command(seenabled)
                if rc == 0:
                    self.fail_json(msg="Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!")
            return False
        if selinux.is_selinux_enabled() == 1:
            return True
        else:
            return False

    # Determine whether we need a placeholder for selevel/mls 
开发者ID:alibaba,项目名称:ansible-provider-docs,代码行数:16,代码来源:basic.py

示例6: selinux_context

# 需要导入模块: import selinux [as 别名]
# 或者: from selinux import is_selinux_enabled [as 别名]
def selinux_context(path):
    context = [None, None, None, None]
    if HAVE_SELINUX and selinux.is_selinux_enabled():
        try:
            # note: the selinux module uses byte strings on python2 and text
            # strings on python3
            ret = selinux.lgetfilecon_raw(to_native(path))
        except OSError:
            return context
        if ret[0] != -1:
            # Limit split to 4 because the selevel, the last in the list,
            # may contain ':' characters
            context = ret[1].split(':', 3)
    return context 
开发者ID:alibaba,项目名称:ansible-provider-docs,代码行数:16,代码来源:filetree.py

示例7: is_selinux_enabled

# 需要导入模块: import selinux [as 别名]
# 或者: from selinux import is_selinux_enabled [as 别名]
def is_selinux_enabled(self):
        """Selinux status
        """
        return selinux.is_selinux_enabled() 
开发者ID:navidshaikh,项目名称:introspection,代码行数:6,代码来源:selinux_tests.py

示例8: security_getenforce

# 需要导入模块: import selinux [as 别名]
# 或者: from selinux import is_selinux_enabled [as 别名]
def security_getenforce(self):
        """Selinux getenforce
        """
        if not selinux.is_selinux_enabled():
            return -1
        return selinux.security_getenforce() 
开发者ID:navidshaikh,项目名称:introspection,代码行数:8,代码来源:selinux_tests.py

示例9: main

# 需要导入模块: import selinux [as 别名]
# 或者: from selinux import is_selinux_enabled [as 别名]
def main():
    module = AnsibleModule(
        argument_spec = dict(
            name=dict(required=True),
            persistent=dict(default='no', type='bool'),
            state=dict(required=True, type='bool')
        ),
        supports_check_mode=True
    )

    if not HAVE_SELINUX:
        module.fail_json(msg="This module requires libselinux-python support")

    if not HAVE_SEMANAGE:
        module.fail_json(msg="This module requires libsemanage-python support")

    if not selinux.is_selinux_enabled():
        module.fail_json(msg="SELinux is disabled on this host.")

    name = module.params['name']
    persistent = module.params['persistent']
    state = module.params['state']
    result = {}
    result['name'] = name

    if hasattr(selinux, 'selinux_boolean_sub'):
        # selinux_boolean_sub allows sites to rename a boolean and alias the old name
        # Feature only available in selinux library since 2012.
        name = selinux.selinux_boolean_sub(name)

    if not has_boolean_value(module, name):
        module.fail_json(msg="SELinux boolean %s does not exist." % name)

    cur_value = get_boolean_value(module, name)

    if cur_value == state:
        result['state'] = cur_value
        result['changed'] = False
        module.exit_json(**result)

    if module.check_mode:
        module.exit_json(changed=True)
    if persistent:
        r = semanage_boolean_value(module, name, state)
    else:
        r = set_boolean_value(module, name, state)

    result['changed'] = r
    if not r:
        module.fail_json(msg="Failed to set boolean %s to %s" % (name, value))
    try:
        selinux.security_commit_booleans()
    except:
        module.fail_json(msg="Failed to commit pending boolean %s value" % name)
    module.exit_json(**result)

# import module snippets 
开发者ID:YoLoveLife,项目名称:DevOps,代码行数:59,代码来源:seboolean.py

示例10: main

# 需要导入模块: import selinux [as 别名]
# 或者: from selinux import is_selinux_enabled [as 别名]
def main():
    module = AnsibleModule(
        argument_spec={
                'ports': {
                    'required': True,
                },
                'proto': {
                    'required': True,
                    'choices': ['tcp', 'udp'],
                },
                'setype': {
                    'required': True,
                },
                'state': {
                    'required': True,
                    'choices': ['present', 'absent'],
                },
                'reload': {
                    'required': False,
                    'type': 'bool',
                    'default': 'yes',
                },
            },
        supports_check_mode=True
    )
    if not HAVE_SELINUX:
        module.fail_json(msg="This module requires libselinux-python")

    if not HAVE_SEOBJECT:
        module.fail_json(msg="This module requires policycoreutils-python")

    if not selinux.is_selinux_enabled():
        module.fail_json(msg="SELinux is disabled on this host.")

    ports = [x.strip() for x in str(module.params['ports']).split(',')]
    proto = module.params['proto']
    setype = module.params['setype']
    state = module.params['state']
    do_reload = module.params['reload']

    result = {
        'ports': ports,
        'proto': proto,
        'setype': setype,
        'state': state,
    }

    if state == 'present':
        result['changed'] = semanage_port_add(module, ports, proto, setype, do_reload)
    elif state == 'absent':
        result['changed'] = semanage_port_del(module, ports, proto, setype, do_reload)
    else:
        module.fail_json(msg='Invalid value of argument "state": {0}'.format(state))

    module.exit_json(**result) 
开发者ID:YoLoveLife,项目名称:DevOps,代码行数:57,代码来源:seport.py

示例11: file_props

# 需要导入模块: import selinux [as 别名]
# 或者: from selinux import is_selinux_enabled [as 别名]
def file_props(root, path):
    ''' Returns dictionary with file properties, or return None on failure '''
    abspath = os.path.join(root, path)

    try:
        st = os.lstat(abspath)
    except OSError as e:
        display.warning('filetree: Error using stat() on path %s (%s)' % (abspath, e))
        return None

    ret = dict(root=root, path=path)

    if stat.S_ISLNK(st.st_mode):
        ret['state'] = 'link'
        ret['src'] = os.readlink(abspath)
    elif stat.S_ISDIR(st.st_mode):
        ret['state'] = 'directory'
    elif stat.S_ISREG(st.st_mode):
        ret['state'] = 'file'
        ret['src'] = abspath
    else:
        display.warning('filetree: Error file type of %s is not supported' % abspath)
        return None

    ret['uid'] = st.st_uid
    ret['gid'] = st.st_gid
    try:
        ret['owner'] = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        ret['owner'] = st.st_uid
    try:
        ret['group'] = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        ret['group'] = st.st_gid
    ret['mode'] = '0%03o' % (stat.S_IMODE(st.st_mode))
    ret['size'] = st.st_size
    ret['mtime'] = st.st_mtime
    ret['ctime'] = st.st_ctime

    if HAVE_SELINUX and selinux.is_selinux_enabled() == 1:
        context = selinux_context(abspath)
        ret['seuser'] = context[0]
        ret['serole'] = context[1]
        ret['setype'] = context[2]
        ret['selevel'] = context[3]

    return ret 
开发者ID:YoLoveLife,项目名称:DevOps,代码行数:49,代码来源:filetree.py

示例12: main

# 需要导入模块: import selinux [as 别名]
# 或者: from selinux import is_selinux_enabled [as 别名]
def main():
    module = AnsibleModule(
        argument_spec={
                'login': {
                    'required': True,
                    # 'default': '__default__',
                },
                'seuser': {
                    'required': True,
                },
                'serange': {
                    'required': False
                },
                'state': {
                    'choices': ['present', 'absent'],
                    'default': 'present'
                },
                'reload': {
                    'required': False,
                    'type': 'bool',
                    'default': 'yes',
                },
            },
        supports_check_mode=True
    )
    if not HAVE_SELINUX:
        module.fail_json(msg="This module requires libselinux-python")

    if not HAVE_SEOBJECT:
        module.fail_json(msg="This module requires policycoreutils-python")

    if not selinux.is_selinux_enabled():
        module.fail_json(msg="SELinux is disabled on this host.")

    login = module.params['login']
    seuser = module.params['seuser']
    serange = module.params['serange']
    state = module.params['state']
    do_reload = module.params['reload']

    result = {
        'login': login,
        'seuser': seuser,
        'serange': serange,
        'state': state,
    }

    if state == 'present':
        result['changed'] = semanage_login_add(module, login, seuser, do_reload, serange)
    elif state == 'absent':
        result['changed'] = semanage_login_del(module, login, seuser, do_reload)
    else:
        module.fail_json(msg='Invalid value of argument "state": {0}'.format(state))

    module.exit_json(**result) 
开发者ID:cockpit-project,项目名称:system-api-roles,代码行数:57,代码来源:selogin.py

示例13: collect

# 需要导入模块: import selinux [as 别名]
# 或者: from selinux import is_selinux_enabled [as 别名]
def collect(self, module=None, collected_facts=None):
        facts_dict = {}
        selinux_facts = {}

        # This is weird. The value of the facts 'selinux' key can be False or a dict
        if not HAVE_SELINUX:
            facts_dict['selinux'] = False
            facts_dict['selinux_python_present'] = False
            return facts_dict

        facts_dict['selinux_python_present'] = True

        if not selinux.is_selinux_enabled():
            selinux_facts['status'] = 'disabled'
        # NOTE: this could just return in the above clause and the rest of this is up an indent -akl
        else:
            selinux_facts['status'] = 'enabled'

            try:
                selinux_facts['policyvers'] = selinux.security_policyvers()
            except (AttributeError, OSError):
                selinux_facts['policyvers'] = 'unknown'

            try:
                (rc, configmode) = selinux.selinux_getenforcemode()
                if rc == 0:
                    selinux_facts['config_mode'] = SELINUX_MODE_DICT.get(configmode, 'unknown')
                else:
                    selinux_facts['config_mode'] = 'unknown'
            except (AttributeError, OSError):
                selinux_facts['config_mode'] = 'unknown'

            try:
                mode = selinux.security_getenforce()
                selinux_facts['mode'] = SELINUX_MODE_DICT.get(mode, 'unknown')
            except (AttributeError, OSError):
                selinux_facts['mode'] = 'unknown'

            try:
                (rc, policytype) = selinux.selinux_getpolicytype()
                if rc == 0:
                    selinux_facts['type'] = policytype
                else:
                    selinux_facts['type'] = 'unknown'
            except (AttributeError, OSError):
                selinux_facts['type'] = 'unknown'

        facts_dict['selinux'] = selinux_facts
        return facts_dict 
开发者ID:alibaba,项目名称:ansible-provider-docs,代码行数:51,代码来源:selinux.py

示例14: run

# 需要导入模块: import selinux [as 别名]
# 或者: from selinux import is_selinux_enabled [as 别名]
def run(self, text=False, export_file=False):
        """Run few selinux checks
        """
        # is_selinux_enabled
        data = {}
        status = self.is_selinux_enabled()
        if status:
            status = "true"
        else:
            status = "false"
        data["enabled"] = status

        # security_getenforce
        mode = self.security_getenforce()
        if mode == 1:
            mode_str = "Enforcing"
        elif mode == 0:
            mode_str = "Permissive"
        elif mode == -1:
            mode_str = "Disabled"
        else:
            mode_str = "Error while checking mode"
        data["mode"] = mode_str

        # is_selinux_mls_enabled
        status = self.is_selinux_mls_enabled()
        if status:
            status = "true"
        else:
            status = "false"
        data["mls"] = status

        # security_policyvers
        if self.is_selinux_enabled():
            version = self.security_policyvers()
        else:
            version = "None"
        data["policy_version"] = version

        # selinux_getpolicytype
        policy_type = self.selinux_getpolicytype()
        if policy_type[0] == 0:
            policy_str = policy_type[1]
        else:
            policy_str = "Error while checking policy type"
        data["policy"] = policy_str

        if text:
            data = self.selinux_report_text(data)
        if export_file:
            return self._export(data, export_file)
        return data 
开发者ID:navidshaikh,项目名称:introspection,代码行数:54,代码来源:selinux_tests.py


注:本文中的selinux.is_selinux_enabled方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。