util/selinux: add simple setfiles wrapper
Add a small wrapper around the setfiles(8) utility that can be used to set the security context fields on one or multiple provided paths, given a specification. The root of the file system tree can be given via `root` and all elements of `paths` will be interpreted as relative to that root.
This commit is contained in:
Christian Kellner
David Rheinsberg
parent
50beb4ffb5
commit
40c2545f74
1 changed files with 19 additions and 0 deletions
|
|
@ -1,5 +1,7 @@
|
|||
"""SELinux utility functions"""
|
||||
|
||||
import subprocess
|
||||
|
||||
from typing import Dict, TextIO
|
||||
|
||||
|
||||
|
|
@ -27,3 +29,20 @@ def config_get_policy(config: Dict[str, str]):
|
|||
if enabled not in ['enforcing', 'permissive']:
|
||||
return None
|
||||
return config.get('SELINUXTYPE', None)
|
||||
|
||||
|
||||
def setfiles(spec_file: str, root: str, *paths):
|
||||
"""Initialize the security context fields for `paths`
|
||||
|
||||
Initialize the security context fields (extended attributes)
|
||||
on `paths` using the given specification in `spec_file`. The
|
||||
`root` argument determines the root path of the file system
|
||||
and the entries in `path` are interpreted as relative to it.
|
||||
Uses the setfiles(8) tool to actually set the contexts.
|
||||
"""
|
||||
for path in paths:
|
||||
subprocess.run(["setfiles", "-F",
|
||||
"-r", root,
|
||||
spec_file,
|
||||
f"{root}{path}"],
|
||||
check=True)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue