diff options
| author | Eugeni Dodonov <eugeni@mandriva.org> | 2009-02-25 19:34:09 +0000 |
|---|---|---|
| committer | Eugeni Dodonov <eugeni@mandriva.org> | 2009-02-25 19:34:09 +0000 |
| commit | 203decb15d6e52895fdfbfb45f66f88cd4022092 (patch) | |
| tree | 8455e0dce822563188da565a0864fc5fa8202d29 | |
| parent | 5b4a435a4c6b941b5f7ad362f311e8f86479e1d6 (diff) | |
| download | msec-203decb15d6e52895fdfbfb45f66f88cd4022092.tar msec-203decb15d6e52895fdfbfb45f66f88cd4022092.tar.gz msec-203decb15d6e52895fdfbfb45f66f88cd4022092.tar.bz2 msec-203decb15d6e52895fdfbfb45f66f88cd4022092.tar.xz msec-203decb15d6e52895fdfbfb45f66f88cd4022092.zip | |
Added option to automatically enforce msec permissions on startup.
| -rwxr-xr-x | msec.init | 8 | ||||
| -rw-r--r-- | src/msec/config.py | 2 | ||||
| -rwxr-xr-x | src/msec/libmsec.py | 2 |
3 files changed, 10 insertions, 2 deletions
@@ -34,6 +34,10 @@ case "$1" in gprintf "Setting and checking MSEC permissions" /usr/sbin/msecperms -q echo_success + elif [ "$ENABLE_STARTUP_PERMS" = "enforce" ]; then + gprintf "Setting and enforcing MSEC permissions" + /usr/sbin/msecperms -q + echo_success fi ;; stop) @@ -45,11 +49,15 @@ case "$1" in else gprintf "MSEC security policy on startup: disabled" fi + echo if [ "$ENABLE_STARTUP_PERMS" = "yes" ]; then gprintf "MSEC permissions on startup: enabled" + elif [ "$ENABLE_STARTUP_PERMS" = "enforce" ]; then + gprintf "MSEC permissions on startup: enforced" else gprintf "MSEC permissions on startup: disabled" fi + echo ;; restart) $0 stop diff --git a/src/msec/config.py b/src/msec/config.py index c0042c2..0d9c292 100644 --- a/src/msec/config.py +++ b/src/msec/config.py @@ -109,7 +109,7 @@ SETTINGS = {'BASE_LEVEL': ("libmsec.base_level", 'SHELL_HISTORY_SIZE': ("libmsec.set_shell_history_size", ['*']), 'SHELL_TIMEOUT': ("libmsec.set_shell_timeout", ['*']), 'ENABLE_STARTUP_MSEC': ("libmsec.enable_startup_msec", ['yes', 'no']), - 'ENABLE_STARTUP_PERMS': ("libmsec.enable_startup_perms", ['yes', 'no']), + 'ENABLE_STARTUP_PERMS': ("libmsec.enable_startup_perms", ['yes', 'no', 'enforce']), } # text for disabled options OPTION_DISABLED=_("System default") diff --git a/src/msec/libmsec.py b/src/msec/libmsec.py index f67ffdb..04dbdc9 100755 --- a/src/msec/libmsec.py +++ b/src/msec/libmsec.py @@ -1649,7 +1649,7 @@ class MSEC: pass def enable_startup_perms(self, param): - """Enforce MSEC file directory permissions on system startup""" + """Enforce MSEC file directory permissions on system startup. If this parameter is set to 'enforce', system permissions will be enforced automatically, according to system security settings.""" pass |