3

nm�a�@sTdd
lZej
ddd�Z
e
jZddlTddlmZ
dd
lZddlTGdd�de�Zd
S)	�Nzsetroubleshoot-pluginsT)
Zfallback)
�
*)
�Pluginc@sLeZ
dZed
�
Zed�
Zed�
Zdd�Zdd�Zdd	�Z	d
d�Z
dd
�ZdS)�pluginzN
    SELinux is preventing $SOURCE_PATH "$ACCESS" access to $TARGET_PATH.
    z�
    SELinux denied access requested by $SOURCE. $TARGET_PATH may
    be mislabeled. openvpn is allowed to read content in home directory if it
    is labeled correctly.
    z�
    You can restore the default system context to this file by executing the
    restorecon command.  
    # restorecon -R /root/.ssh
    cCs |d
dkrtd�
Std�
SdS)Nr
�movezjIf you want to mv $TARGET_BASE_PATH to standard location so that $SOURCE_BASE_PATH can have $ACCESS accesszlIf you want to modify the label on $TARGET_BASE_PATH so that $SOURCE_BASE_PATH can have $ACCESS access on it)
�
_)�self�avc�args�r
�,/usr/share/setroubleshoot/plugins/openvpn.py�get_if_text/s

zplugin.get_if_textcCs |d
dkrtd�
Std�
SdS)Nr
rz4you must move the cert file to the ~/.cert directoryzyou must fix the labels.)
r)rrr	r
r
r�
get_then_text5s

zplugin.get_then_textcCs|d
dkrdSdSdS)Nr
rz5# mv $TARGET_PATH ~/.cert
# restorecon -R -v ~/.cert
zS# semanage fcontext -a -t home_cert_t $TARGET_PATH
# restorecon -R -v $TARGET_PATH
r
)rrr	r
r
r�get_do_text;s
zplugin.get_do_textc

Cs tj
|t�
|jd
�

d|_dS)N�Zyellow)r�__init__�__name__Zset_priority�level)
rr
r
rrEs



zplugin.__init__cCsJ|
jd
g
�
rF|
j
ddg�
rF|
j|
j�
rF|
jdg
�
rF|jd�
|jd�
gSdS)	NZ	openvpn_tZuser_home_tZ
user_tmp_t�filer�fixlabel)rN)rN)Zmatches_source_typesZmatches_target_typesZall_accesses_are_inZread_file_permsZ
has_tclass_inZreport)rrr
r
r�analyzeJs




zplugin.analyzeN)r�
__module__�__qualname__rZsummaryZproblem_descriptionZfix_descriptionrr
rrrr
r
r
rrs

r)	�gettextZtranslationrZsetroubleshoot.utilZsetroubleshoot.Pluginr�os�statrr
r
r
r�<module>s