-rwxr-xr-xcmd2admin.sh21
-rwxr-xr-xselinux_pols/build_all.sh32
-rw-r--r--selinux_pols/hald.modbin0 -> 1487 bytes
-rw-r--r--selinux_pols/hald.ppbin0 -> 1503 bytes
-rw-r--r--selinux_pols/hald.te19
-rwxr-xr-xsend2admin.sh42
6 files changed, 114 insertions, 0 deletions
diff --git a/cmd2admin.sh b/cmd2admin.sh
new file mode 100755
index 0000000..2d213db
--- /dev/null
+++ b/cmd2admin.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [ "x${1}" != "x" ]; then
+ RUN_CMDS="${1}"
+else
+ send2admin "cmd2admin failed"
+fi
+
+if [ "x${2}" != "x" ]; then
+ send2admin "${2}"
+fi
+
+send2admin "RUN CMD: ${RUN_CMDS}"
+OUT=$(bash -c "${RUN_CMDS}")
+if [ $? -ne 0 ]; then
+ send2admin "CMD failed!"
+else
+ send2admin "CMD succeeded!"
+fi
+send2admin "output:\n${OUT}"
+exit 0
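Review bot: The empty-argument branch at the top reports `cmd2admin failed` but does not stop, so the script goes on to run `bash -c ""` and then reports `CMD succeeded!`; add `exit 1` right after that `send2admin` call. The final `exit 0` also hides the command's result from the caller, and only stdout is captured, so error text never reaches the admin; `OUT=$(bash -c "${RUN_CMDS}" 2>&1); rc=$?` followed by `exit "$rc"` at the end would keep both. Because `${1}` is executed verbatim through `bash -c` and its output is forwarded over XMPP, a header comment should state that callers may pass only fixed, trusted command strings and that the output may contain sensitive data. The script invokes `send2admin` while this commit adds `send2admin.sh`, so it presumably relies on an install step or symlink that is not shown here.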
diff --git a/selinux_pols/build_all.sh b/selinux_pols/build_all.sh
new file mode 100755
index 0000000..0ce8ba5
--- /dev/null
+++ b/selinux_pols/build_all.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+BDIR=$(dirname ${0})
+
+function run_cmd {
+ cmd="${1}"
+ echo "${cmd}"
+ $cmd
+ return $?
+}
+
+echo_cmd
+echo "$0: building all in $BDIR" >&2
+for file in ${BDIR}/*.te; do
+ echo "* building: $file"
+ fname=$(basename ${file} | sed -e 's/^\(.*\)\.\(.*\)$/\1/g')
+ run_cmd "checkmodule -m -M -o ${BDIR}/${fname}.mod ${BDIR}/${fname}.te"
+ if [ $? -ne 0 ]; then
+ echo "checkmodule: ERROR, next .." >&2
+ continue
+ fi
+ run_cmd "semodule_package -m ${BDIR}/${fname}.mod -o ${BDIR}/${fname}.pp"
+ if [ $? -ne 0 ]; then
+ echo "semodule_package: ERROR, next .." >&2
+ continue
+ fi
+ run_cmd "semodule -i ${BDIR}/${fname}.pp"
+ run_cmd "semodule -e ${fname}"
+done
+
+echo "done."
+exit 0
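Review bot: `echo_cmd` on the line after the function is not defined anywhere in this file (the helper is `run_cmd`), so every run prints a command-not-found error; that line should be dropped. `run_cmd` expands `$cmd` unquoted and `BDIR` comes from an unquoted `dirname ${0}`, so a checkout path containing spaces or glob characters is re-split before it reaches checkmodule or semodule; passing the command as separate arguments and running `"$@"` avoids that. The result of `semodule -i` is not checked before `semodule -e ${fname}`, and that enable step uses the file stem while hald.te in this commit declares the module as `hald-custom`, so it probably targets the wrong name; please confirm. A sketch of the argument-passing change follows.

```shell
BDIR=$(dirname -- "${0}")

function run_cmd {
  # Echo, then run the arguments exactly as given, so paths are never re-split.
  echo "$*"
  "$@"
}

# … unchanged: banner echo …
for file in "${BDIR}"/*.te; do
  # … unchanged: "* building" echo …
  fname=$(basename -- "${file}" .te)
  run_cmd checkmodule -m -M -o "${BDIR}/${fname}.mod" "${file}"
  # … unchanged: checkmodule error check …
  run_cmd semodule_package -m "${BDIR}/${fname}.mod" -o "${BDIR}/${fname}.pp"
  # … unchanged: semodule_package error check …
  if ! run_cmd semodule -i "${BDIR}/${fname}.pp"; then
    echo "semodule -i: ERROR, next .." >&2
    continue
  fi
  # … unchanged: semodule -e call, done, final echo and exit …
```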
diff --git a/selinux_pols/hald.mod b/selinux_pols/hald.mod
new file mode 100644
index 0000000..d8fea69
--- /dev/null
+++ b/selinux_pols/hald.mod
Binary files differ
diff --git a/selinux_pols/hald.pp b/selinux_pols/hald.pp
new file mode 100644
index 0000000..efb718d
--- /dev/null
+++ b/selinux_pols/hald.pp
Binary files differ
diff --git a/selinux_pols/hald.te b/selinux_pols/hald.te
new file mode 100644
index 0000000..cff1057
--- /dev/null
+++ b/selinux_pols/hald.te
@@ -0,0 +1,19 @@
+
+module hald-custom 1.0;
+
+require {
+ type fixed_disk_device_t;
+ type mnt_t;
+ type system_dbusd_t;
+ class blk_file { read ioctl open };
+ class dir { write remove_name add_name };
+ class file { write rename create unlink };
+}
+
+#============= system_dbusd_t ==============
+allow system_dbusd_t fixed_disk_device_t:blk_file { ioctl open };
+#!!!! The source type 'system_dbusd_t' can write to a 'dir' of the following types:
+# system_dbusd_var_run_t, system_dbusd_tmp_t, user_home_t, tmp_t, var_run_t
+
+allow system_dbusd_t mnt_t:dir { write remove_name add_name };
+allow system_dbusd_t mnt_t:file { write rename create unlink };
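Review bot: Nothing in the module says which denials these rules answer, and they look like pasted audit2allow output (the `#!!!!` hint is still in place): they give `system_dbusd_t` open/ioctl on `fixed_disk_device_t` block devices and create/write/rename/unlink on anything labelled `mnt_t`. That is a wide grant for the D-Bus system daemon's domain, and the audit2allow hint suggests the target directory may be better handled by relabelling. Add a header comment such as `# Needed for <feature>; from AVC denials seen on <host/date>`, and consider giving the specific mount point a dedicated type instead of allowing all of `mnt_t`. The module is named `hald-custom` although every rule is for `system_dbusd_t`, which is worth explaining in the same comment.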
diff --git a/send2admin.sh b/send2admin.sh
new file mode 100755
index 0000000..cad0ef5
--- /dev/null
+++ b/send2admin.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+MSG_PREFIX="[AUTO_MSG]"
+RC_PREFIX="/etc/sendxmpprc"
+DEFAULT_REC="/etc/default/send2admin"
+RET=0
+
+if [ -r ${DEFAULT_REC} ]; then
+ . ${DEFAULT_REC}
+fi
+if [ "x${RECIPIENT}" = "x" ]; then
+ RECIPIENT="${2}"
+fi
+
+if [ "x${DISPLAY}" != "x" ]; then
+ USEX=1
+else
+ USEX=0
+fi
+
+if [ "x${USER}" != "x" ]; then
+ if [ -r "${RC_PREFIX}.${USER}" ]; then
+ SX_ARGS=" -f ${RC_PREFIX}.${USER}"
+ fi
+fi
+
+if [ "x${MSG_PREFIX}" != "x" ]; then
+ MSG_PREFIX="${MSG_PREFIX}: "
+fi
+if [ "x${1}" != "x" -a "x${RECIPIENT}" != "x" ]; then
+ echo -en "${MSG_PREFIX}${1}" | sendxmpp -t${SX_ARGS} ${RECIPIENT}
+ RET=$?
+else
+ if [ $USEX -eq 1 ]; then
+ xmessage "sendxmpp error: syntax: $0 [TEXT] [RECIPIENT]"
+ else
+ echo "sendxmpp error: syntax: $0 [TEXT] [RECIPIENT]" >&2
+ fi
+ RET=128
+fi
+
+exit $RET
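Review bot: The send line passes the message through `echo -en` and leaves `${RECIPIENT}` unquoted, so backslash sequences in forwarded command output are rewritten and a recipient value containing spaces or a leading `-` is split or read as sendxmpp options. Prefer `printf '%s' "${MSG_PREFIX}${1}" | sendxmpp -t${SX_ARGS} "${RECIPIENT}"`, and have cmd2admin.sh pass a real newline (`"output:"$'\n'"${OUT}"`) instead of relying on `\n` being interpreted here. `RECIPIENT` and `USER` are also taken from the caller's environment when `/etc/default/send2admin` does not set them, so an inherited `RECIPIENT` silently overrides `${2}`; initialising `RECIPIENT=""` before sourcing the defaults file would make the precedence explicit. `[ ... -a ... ]` in the same test is better written as two `[ ]` tests joined with `&&`.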