This repository has been archived by the owner on Dec 17, 2021. It is now read-only.
/*
Copyright © 2020 Red Hat, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cmd
import (
"fmt"
"os"
"syscall"
"github.com/JAORMX/selinuxd/pkg/daemon"
"github.com/JAORMX/selinuxd/pkg/datastore"
"github.com/JAORMX/selinuxd/pkg/semodule"
"github.com/JAORMX/selinuxd/pkg/semodule/semanage"
"github.com/go-logr/logr"
"github.com/spf13/cobra"
)
// oneshotCmd is the cobra command registered under the name "oneshot".
// Its Run handler is oneshotCmdFunc, which performs a single installation
// pass and then returns instead of staying resident.
var oneshotCmd = &cobra.Command{
Use: "oneshot",
Short: "install SELinux policies in the designated directory",
Long: `This does a one-shot installation of SELinux policies.`,
Run: oneshotCmdFunc,
}
// init attaches oneshotCmd to the package-level rootCmd and registers the
// flags that oneshotCmd accepts.
// nolint:gochecknoinits
func init() {
rootCmd.AddCommand(oneshotCmd)
defineOneShotFlags(oneshotCmd)
}
// defineOneShotFlags registers the flags understood by the oneshot command on
// the given command. The only flag is --datastore-path, which defaults to
// datastore.DefaultDataStorePath.
func defineOneShotFlags(rootCmd *cobra.Command) {
	flags := rootCmd.Flags()
	flags.String(
		"datastore-path",
		datastore.DefaultDataStorePath,
		"The path to the policy data store",
	)
}
// parseOneShotFlags reads the oneshot flags from the given command and returns
// them as daemon options. Only StatusDBPath is populated, from the
// --datastore-path flag; every other field keeps its zero value.
//
// It returns a nil options pointer and a wrapped error when the flag cannot be
// read.
func parseOneShotFlags(rootCmd *cobra.Command) (*daemon.SelinuxdOptions, error) {
	dbPath, err := rootCmd.Flags().GetString("datastore-path")
	if err != nil {
		return nil, fmt.Errorf("failed getting datastore-path flag: %w", err)
	}

	return &daemon.SelinuxdOptions{StatusDBPath: dbPath}, nil
}
// tryInstallAllPolicies runs one installation pass over defaultModulePath.
//
// A goroutine calls daemon.InstallPoliciesInDir with an unbuffered channel of
// policy actions, logs any error it returns, and closes the channel afterwards.
// The calling goroutine hands the same channel, together with the semanage
// handler and the datastore, to daemon.InstallPolicies.
//
// Errors are only logged; nothing is returned to the caller.
func tryInstallAllPolicies(sh semodule.Handler, ds datastore.DataStore, logger logr.Logger) {
	actions := make(chan daemon.PolicyAction)

	produce := func() {
		err := daemon.InstallPoliciesInDir(defaultModulePath, actions, nil)
		if err != nil {
			logger.Error(err, "Installing policies in module directory")
		}
		// Closing is done by the sending side once it has nothing more to send.
		close(actions)
	}
	go produce()

	daemon.InstallPolicies(defaultModulePath, sh, ds, actions, logger)
}
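// oneshotCmdFunc is the Run handler of the oneshot command. It creates the
// logger, parses the flags, opens the semanage handler and the policy
// datastore, and then installs policies through tryInstallAllPolicies: first
// in a single commit and, if that commit fails, a second time with
// auto-commit switched on.
//
// A failure to set up the logger, the flags, the semanage handler or the
// datastore terminates the process with exit status 1. The original code only
// logged the last two failures and carried on, which left the deferred Close
// calls and the installation pass operating on values that were never
// successfully created.
func oneshotCmdFunc(rootCmd *cobra.Command, _ []string) {
	logger, err := getLogger()
	if err != nil {
		fmt.Fprintf(os.Stderr, "%s", err)
		syscall.Exit(1)
	}

	opts, err := parseOneShotFlags(rootCmd)
	if err != nil {
		logger.Error(err, "Parsing flags")
		syscall.Exit(1)
	}

	// NOTE(review): the first argument is presumably the initial auto-commit
	// setting (it is enabled later through SetAutoCommit) - confirm.
	sh, err := semanage.NewSemanageHandler(false, logger)
	if err != nil {
		logger.Error(err, "Creating semanage handler")
		// Nothing can be installed without a handler, so stop here instead of
		// deferring Close on a value the constructor reported as failed.
		syscall.Exit(1)
	}
	defer sh.Close()

	ds, err := datastore.New(opts.StatusDBPath)
	if err != nil {
		logger.Error(err, "Unable to get R/W datastore")
		// syscall.Exit does not run deferred calls, so release the semanage
		// handler explicitly before leaving.
		sh.Close()
		syscall.Exit(1)
	}
	defer ds.Close()

	logger.Info("Running oneshot command")

	tryInstallAllPolicies(sh, ds, logger)

	if err := sh.Commit(); err != nil {
		logger.Info("Unable to install policies in one commit. " +
			"This is most likely due to a policy being wrongly formatted. " +
			"Will attempt to install each policy individually.")

		// Do longer policy-per-policy install
		sh.SetAutoCommit(true)
		tryInstallAllPolicies(sh, ds, logger)
	}

	// NOTE(review): this message is logged and the function returns normally
	// even when the per-policy pass could not install some policies; those
	// failures are only visible in the log and, as far as this function
	// shows, not in the exit status.
	logger.Info("Done installing policies in directory")
}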