* [PATCH 1/2] python/chcat: improve the code readability
@ 2018-12-09 14:23 Nicolas Iooss
2018-12-09 14:23 ` [PATCH 2/2] python/chcat: fix removing categories on users with Fedora default setup Nicolas Iooss
2018-12-11 9:55 ` [PATCH 1/2] python/chcat: improve the code readability Petr Lautrbach
0 siblings, 2 replies; 5+ messages in thread
From: Nicolas Iooss @ 2018-12-09 14:23 UTC (permalink / raw)
To: selinux
flake8 reports many warnings for chcat:
chcat:7:1: E265 block comment should start with '# '
chcat:29:1: F401 'string' imported but unused
chcat:44:1: E722 do not use bare 'except'
chcat:104:9: F841 local variable 'e' is assigned to but never used
chcat:144:9: F841 local variable 'e' is assigned to but never used
chcat:186:9: F841 local variable 'e' is assigned to but never used
chcat:234:9: F841 local variable 'e' is assigned to but never used
chcat:262:9: F841 local variable 'e' is assigned to but never used
chcat:281:5: F841 local variable 'e' is assigned to but never used
chcat:385:9: E722 do not use bare 'except'
chcat:402:1: E305 expected 2 blank lines after class or function definition, found 1
chcat:436:5: F841 local variable 'e' is assigned to but never used
Fix all of them.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
This patch needs to be applied after "python/chcat: use check_call instead of getstatusoutput",
https://lore.kernel.org/selinux/CAJfZ7=k+dNFE7AOO_FJhSMZP7WdvkJf3zbfqeY6kSkabOm+Uag@mail.gmail.com/T/#e720d3de77d336300faf6cc3d8a2940b70c9a169a
python/chcat/chcat | 23 ++++++++++++-----------
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/python/chcat/chcat b/python/chcat/chcat
index 1de92306e963..73f757258807 100755
--- a/python/chcat/chcat
+++ b/python/chcat/chcat
@@ -4,7 +4,7 @@
#
# chcat is a script that allows you modify the Security label on a file
#
-#` Author: Daniel Walsh <dwalsh@redhat.com>
+# Author: Daniel Walsh <dwalsh@redhat.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
@@ -26,7 +26,6 @@ import subprocess
import sys
import os
import pwd
-import string
import getopt
import selinux
import seobject
@@ -41,7 +40,7 @@ try:
localedir="/usr/share/locale",
codeset='utf-8',
**kwargs)
-except:
+except ImportError:
try:
import builtins
builtins.__dict__['_'] = str
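Review bot: the narrowed `except ImportError:` no longer covers anything the call ending in `localedir="/usr/share/locale", codeset='utf-8', **kwargs)` can raise other than a missing module, so such a failure now aborts startup instead of falling back to `builtins.__dict__['_'] = str`. If the fallback is also meant to cover a broken locale setup, list the specific exceptions that call can raise alongside ImportError; if not, a short comment saying the fallback is only for a missing module would make the intent clear.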
@@ -101,7 +100,7 @@ def chcat_user_add(newcat, users):
cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
try:
subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
- except subprocess.CalledProcessError as e:
+ except subprocess.CalledProcessError:
errors += 1
return errors
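Review bot: with `e` gone in chcat_user_add, this handler is the same `subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)` / `except subprocess.CalledProcessError:` / `errors += 1` sequence that the patch touches in five other functions. A small helper that runs the command and returns 0 or 1 would remove the repetition and give one place to report which user or file the failed command was for.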
@@ -141,7 +140,7 @@ def chcat_add(orig, newcat, objects, login_ind):
cmd = ["chcon", "-l", "%s:%s" % (sensitivity, cat_string), f]
try:
subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
- except subprocess.CalledProcessError as e:
+ except subprocess.CalledProcessError:
errors += 1
return errors
@@ -183,7 +182,7 @@ def chcat_user_remove(newcat, users):
try:
subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
- except subprocess.CalledProcessError as e:
+ except subprocess.CalledProcessError:
errors += 1
return errors
@@ -231,7 +230,7 @@ def chcat_remove(orig, newcat, objects, login_ind):
cmd = ["chcon", "-l", new_serange, f]
try:
subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
- except subprocess.CalledProcessError as e:
+ except subprocess.CalledProcessError:
errors += 1
return errors
@@ -259,7 +258,7 @@ def chcat_user_replace(newcat, users):
cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
try:
subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
- except subprocess.CalledProcessError as e:
+ except subprocess.CalledProcessError:
errors += 1
return errors
@@ -268,6 +267,7 @@ def chcat_replace(newcat, objects, login_ind):
if login_ind == 1:
return chcat_user_replace(newcat, objects)
errors = 0
+ # newcat[0] is the sensitivity level, newcat[1:] are the categories
if len(newcat) == 1:
new_serange = newcat[0]
else:
@@ -278,7 +278,7 @@ def chcat_replace(newcat, objects, login_ind):
cmd = ["chcon", "-l", new_serange] + objects
try:
subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
- except subprocess.CalledProcessError as e:
+ except subprocess.CalledProcessError:
errors += 1
return errors
@@ -382,7 +382,7 @@ def listusercats(users):
if len(users) == 0:
try:
users.append(os.getlogin())
- except:
+ except OSError:
users.append(pwd.getpwuid(os.getuid()).pw_name)
verify_users(users)
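Review bot: `except OSError:` is the right class for os.getlogin(), but the fallback `users.append(pwd.getpwuid(os.getuid()).pw_name)` runs inside the handler, and pwd.getpwuid() raises KeyError when the uid has no passwd entry, which would surface as a traceback. Consider guarding the fallback against KeyError and reporting it as a normal error message.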
@@ -399,6 +399,7 @@ def error(msg):
print("%s: %s" % (sys.argv[0], msg))
sys.exit(1)
+
if __name__ == '__main__':
if selinux.is_selinux_mls_enabled() != 1:
error("Requires a mls enabled system")
@@ -433,7 +434,7 @@ if __name__ == '__main__':
except getopt.error as error:
errorExit(_("Options Error %s ") % error.msg)
- except ValueError as e:
+ except ValueError:
usage()
if delete_ind:
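Review bot: the unchanged line `except getopt.error as error:` just above the edited clause binds the name `error` at module level, the same name as the `error(msg)` function this block calls for the MLS check, and on Python 3 that name is unbound again when the handler exits. Since the patch is already tidying the exception clauses here, rename the variable (for example `except getopt.error as exc:`) so the function is not shadowed.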
--
2.19.1
* [PATCH 2/2] python/chcat: fix removing categories on users with Fedora default setup
2018-12-09 14:23 [PATCH 1/2] python/chcat: improve the code readability Nicolas Iooss
@ 2018-12-09 14:23 ` Nicolas Iooss
2018-12-11 9:56 ` Petr Lautrbach
2018-12-11 9:55 ` [PATCH 1/2] python/chcat: improve the code readability Petr Lautrbach
1 sibling, 1 reply; 5+ messages in thread
From: Nicolas Iooss @ 2018-12-09 14:23 UTC (permalink / raw)
To: selinux
Using Vagrant with fedora/28-cloud-base image, SELinux logins are
configured this way:
# semanage login -l
Login Name SELinux User MLS/MCS Range Service
__default__ unconfined_u s0-s0:c0.c1023 *
root unconfined_u s0-s0:c0.c1023 *
vagrant unconfined_u s0-s0:c0.c1023 *
Using "chcat -l +c42 vagrant" successfully adds the category to user
vagrant, but "chcat -l -- -c42 vagrant" fails to remove it.
semanage login -l returns:
vagrant unconfined_u s0-s0:c0.c1023,c42 *
This issue is caused by expandCats(), which refuses to return a list of
more than 25 categories. This causes chcat_user_remove() to work with
cats=['c0.c1023,c42'] instead of cats=['c0.c102','c42'], which leads to
it not being able to remove 'c42' from the list.
Fix this issue by splitting the list of categories before calling
expandCats().
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
python/chcat/chcat | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/python/chcat/chcat b/python/chcat/chcat
index 73f757258807..5bef0073b7a4 100755
--- a/python/chcat/chcat
+++ b/python/chcat/chcat
@@ -82,8 +82,7 @@ def chcat_user_add(newcat, users):
if len(serange) > 1:
top = serange[1].split(":")
if len(top) > 1:
- cats.append(top[1])
- cats = expandCats(cats)
+ cats = expandCats(top[1].split(','))
for i in newcat[1:]:
if i not in cats:
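Review bot: `cats = expandCats(top[1].split(','))` in chcat_user_add overwrites `cats` where the old code appended to it, so anything `cats` held before this point is now dropped; please confirm it is always empty here. Also, per the commit message a wide range such as c0.c1023 comes back unexpanded, so the `if i not in cats:` test that follows compares literal strings and still treats c42 as missing from a range that already covers it, which is how the `s0-s0:c0.c1023,c42` entry arises.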
@@ -163,8 +162,7 @@ def chcat_user_remove(newcat, users):
if len(serange) > 1:
top = serange[1].split(":")
if len(top) > 1:
- cats.append(top[1])
- cats = expandCats(cats)
+ cats = expandCats(top[1].split(','))
for i in newcat[1:]:
if i in cats:
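Review bot: in chcat_user_remove the `if i in cats:` test only matches entries that appear literally in the split list, so after this change c42 can be removed from `c0.c1023,c42`, but a category that lies inside the unexpanded c0.c1023 range (c5, say) still cannot. If that is out of scope, state the limitation in the commit message; otherwise the range needs splitting around the removed category.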
--
2.19.1
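
The behaviour described in the commit message above, as an added example that is not part of the original thread or of chcat itself. `expand_cats()` is a constructed model of the 25-category limit the message describes, and the helper names and the body of the removal loop (not shown in the hunk) are assumptions.

```python
# Constructed model, not the project's code: expand "cN.cM" ranges, but hand
# the input list back unchanged when the expansion exceeds 25 categories
# (the limit quoted in the commit message).
MAX_EXPANDED = 25


def expand_cats(cats):
    expanded = []
    for entry in cats:
        for item in entry.split(","):
            if "." in item:
                low, high = item.split(".")
                names = ["c%d" % n for n in range(int(low[1:]), int(high[1:]) + 1)]
            else:
                names = [item]
            for name in names:
                if name not in expanded:
                    expanded.append(name)
    return cats if len(expanded) > MAX_EXPANDED else expanded


def user_cats_before(top_cats):
    # Pre-patch shape: cats.append(top[1]); cats = expandCats(cats)
    return expand_cats([top_cats])


def user_cats_after(top_cats):
    # Post-patch shape: cats = expandCats(top[1].split(','))
    return expand_cats(top_cats.split(","))


def remove_cats(cats, to_remove):
    # Follows the visible test "if i in cats:"; the removal itself is assumed.
    remaining = list(cats)
    for cat in to_remove:
        if cat in remaining:
            remaining.remove(cat)
    return ",".join(remaining)


if __name__ == "__main__":
    rng = "c0.c1023,c42"  # category part of the range shown by "semanage login -l"
    print("before patch, remove c42:", remove_cats(user_cats_before(rng), ["c42"]))
    print("after patch,  remove c42:", remove_cats(user_cats_after(rng), ["c42"]))
    # A category that only exists inside the unexpanded range is still not matched.
    print("after patch,  remove c5: ", remove_cats(user_cats_after(rng), ["c5"]))
```
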
* Re: [PATCH 1/2] python/chcat: improve the code readability
2018-12-09 14:23 [PATCH 1/2] python/chcat: improve the code readability Nicolas Iooss
2018-12-09 14:23 ` [PATCH 2/2] python/chcat: fix removing categories on users with Fedora default setup Nicolas Iooss
@ 2018-12-11 9:55 ` Petr Lautrbach
1 sibling, 0 replies; 5+ messages in thread
From: Petr Lautrbach @ 2018-12-11 9:55 UTC (permalink / raw)
To: selinux; +Cc: Nicolas Iooss
Nicolas Iooss <nicolas.iooss@m4x.org> writes:
> flake8 reports many warnings for chcat:
>
> chcat:7:1: E265 block comment should start with '# '
> chcat:29:1: F401 'string' imported but unused
> chcat:44:1: E722 do not use bare 'except'
> chcat:104:9: F841 local variable 'e' is assigned to but never used
> chcat:144:9: F841 local variable 'e' is assigned to but never used
> chcat:186:9: F841 local variable 'e' is assigned to but never used
> chcat:234:9: F841 local variable 'e' is assigned to but never used
> chcat:262:9: F841 local variable 'e' is assigned to but never used
> chcat:281:5: F841 local variable 'e' is assigned to but never used
> chcat:385:9: E722 do not use bare 'except'
> chcat:402:1: E305 expected 2 blank lines after class or function definition, found 1
> chcat:436:5: F841 local variable 'e' is assigned to but never used
>
> Fix all of them.
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
> ---
> This patch needs to be applied after "python/chcat: use check_call instead of getstatusoutput",
> https://lore.kernel.org/selinux/CAJfZ7=k+dNFE7AOO_FJhSMZP7WdvkJf3zbfqeY6kSkabOm+Uag@mail.gmail.com/T/#e720d3de77d336300faf6cc3d8a2940b70c9a169a
>
> python/chcat/chcat | 23 ++++++++++++-----------
> 1 file changed, 12 insertions(+), 11 deletions(-)
>
> diff --git a/python/chcat/chcat b/python/chcat/chcat
> index 1de92306e963..73f757258807 100755
> --- a/python/chcat/chcat
> +++ b/python/chcat/chcat
> @@ -4,7 +4,7 @@
> #
> # chcat is a script that allows you modify the Security label on a file
> #
> -#` Author: Daniel Walsh <dwalsh@redhat.com>
> +# Author: Daniel Walsh <dwalsh@redhat.com>
> #
> # This program is free software; you can redistribute it and/or
> # modify it under the terms of the GNU General Public License as
> @@ -26,7 +26,6 @@ import subprocess
> import sys
> import os
> import pwd
> -import string
> import getopt
> import selinux
> import seobject
> @@ -41,7 +40,7 @@ try:
> localedir="/usr/share/locale",
> codeset='utf-8',
> **kwargs)
> -except:
> +except ImportError:
> try:
> import builtins
> builtins.__dict__['_'] = str
> @@ -101,7 +100,7 @@ def chcat_user_add(newcat, users):
> cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
> try:
> subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
> - except subprocess.CalledProcessError as e:
> + except subprocess.CalledProcessError:
> errors += 1
>
> return errors
> @@ -141,7 +140,7 @@ def chcat_add(orig, newcat, objects, login_ind):
> cmd = ["chcon", "-l", "%s:%s" % (sensitivity, cat_string), f]
> try:
> subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
> - except subprocess.CalledProcessError as e:
> + except subprocess.CalledProcessError:
> errors += 1
> return errors
>
> @@ -183,7 +182,7 @@ def chcat_user_remove(newcat, users):
>
> try:
> subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
> - except subprocess.CalledProcessError as e:
> + except subprocess.CalledProcessError:
> errors += 1
>
> return errors
> @@ -231,7 +230,7 @@ def chcat_remove(orig, newcat, objects, login_ind):
> cmd = ["chcon", "-l", new_serange, f]
> try:
> subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
> - except subprocess.CalledProcessError as e:
> + except subprocess.CalledProcessError:
> errors += 1
> return errors
>
> @@ -259,7 +258,7 @@ def chcat_user_replace(newcat, users):
> cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
> try:
> subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
> - except subprocess.CalledProcessError as e:
> + except subprocess.CalledProcessError:
> errors += 1
> return errors
>
> @@ -268,6 +267,7 @@ def chcat_replace(newcat, objects, login_ind):
> if login_ind == 1:
> return chcat_user_replace(newcat, objects)
> errors = 0
> + # newcat[0] is the sensitivity level, newcat[1:] are the categories
> if len(newcat) == 1:
> new_serange = newcat[0]
> else:
> @@ -278,7 +278,7 @@ def chcat_replace(newcat, objects, login_ind):
> cmd = ["chcon", "-l", new_serange] + objects
> try:
> subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
> - except subprocess.CalledProcessError as e:
> + except subprocess.CalledProcessError:
> errors += 1
>
> return errors
> @@ -382,7 +382,7 @@ def listusercats(users):
> if len(users) == 0:
> try:
> users.append(os.getlogin())
> - except:
> + except OSError:
> users.append(pwd.getpwuid(os.getuid()).pw_name)
>
> verify_users(users)
> @@ -399,6 +399,7 @@ def error(msg):
> print("%s: %s" % (sys.argv[0], msg))
> sys.exit(1)
>
> +
> if __name__ == '__main__':
> if selinux.is_selinux_mls_enabled() != 1:
> error("Requires a mls enabled system")
> @@ -433,7 +434,7 @@ if __name__ == '__main__':
> except getopt.error as error:
> errorExit(_("Options Error %s ") % error.msg)
>
> - except ValueError as e:
> + except ValueError:
> usage()
>
> if delete_ind:
* Re: [PATCH 2/2] python/chcat: fix removing categories on users with Fedora default setup
2018-12-09 14:23 ` [PATCH 2/2] python/chcat: fix removing categories on users with Fedora default setup Nicolas Iooss
@ 2018-12-11 9:56 ` Petr Lautrbach
2018-12-12 9:38 ` Petr Lautrbach
0 siblings, 1 reply; 5+ messages in thread
From: Petr Lautrbach @ 2018-12-11 9:56 UTC (permalink / raw)
To: selinux; +Cc: Nicolas Iooss
Nicolas Iooss <nicolas.iooss@m4x.org> writes:
> Using Vagrant with fedora/28-cloud-base image, SELinux logins are
> configured this way:
>
> # semanage login -l
> Login Name SELinux User MLS/MCS Range Service
>
> __default__ unconfined_u s0-s0:c0.c1023 *
> root unconfined_u s0-s0:c0.c1023 *
> vagrant unconfined_u s0-s0:c0.c1023 *
>
> Using "chcat -l +c42 vagrant" successfully adds the category to user
> vagrant, but "chcat -l -- -c42 vagrant" fails to remove it.
> semanage login -l returns:
>
> vagrant unconfined_u s0-s0:c0.c1023,c42 *
>
> This issue is caused by expandCats(), which refuses to return a list of
> more than 25 categories. This causes chcat_user_remove() to work with
> cats=['c0.c1023,c42'] instead of cats=['c0.c102','c42'], which leads to
> it not being able to remove 'c42' from the list.
>
> Fix this issue by splitting the list of categories before calling
> expandCats().
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
> ---
> python/chcat/chcat | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/python/chcat/chcat b/python/chcat/chcat
> index 73f757258807..5bef0073b7a4 100755
> --- a/python/chcat/chcat
> +++ b/python/chcat/chcat
> @@ -82,8 +82,7 @@ def chcat_user_add(newcat, users):
> if len(serange) > 1:
> top = serange[1].split(":")
> if len(top) > 1:
> - cats.append(top[1])
> - cats = expandCats(cats)
> + cats = expandCats(top[1].split(','))
>
> for i in newcat[1:]:
> if i not in cats:
> @@ -163,8 +162,7 @@ def chcat_user_remove(newcat, users):
> if len(serange) > 1:
> top = serange[1].split(":")
> if len(top) > 1:
> - cats.append(top[1])
> - cats = expandCats(cats)
> + cats = expandCats(top[1].split(','))
>
> for i in newcat[1:]:
> if i in cats:
* Re: [PATCH 2/2] python/chcat: fix removing categories on users with Fedora default setup
2018-12-11 9:56 ` Petr Lautrbach
@ 2018-12-12 9:38 ` Petr Lautrbach
0 siblings, 0 replies; 5+ messages in thread
From: Petr Lautrbach @ 2018-12-12 9:38 UTC (permalink / raw)
To: selinux; +Cc: Nicolas Iooss
Petr Lautrbach <plautrba@redhat.com> writes:
> Nicolas Iooss <nicolas.iooss@m4x.org> writes:
>
>> Using Vagrant with fedora/28-cloud-base image, SELinux logins are
>> configured this way:
>>
>> # semanage login -l
>> Login Name SELinux User MLS/MCS Range Service
>>
>> __default__ unconfined_u s0-s0:c0.c1023 *
>> root unconfined_u s0-s0:c0.c1023 *
>> vagrant unconfined_u s0-s0:c0.c1023 *
>>
>> Using "chcat -l +c42 vagrant" successfully adds the category to user
>> vagrant, but "chcat -l -- -c42 vagrant" fails to remove it.
>> semanage login -l returns:
>>
>> vagrant unconfined_u s0-s0:c0.c1023,c42 *
>>
>> This issue is caused by expandCats(), which refuses to return a list of
>> more than 25 categories. This causes chcat_user_remove() to work with
>> cats=['c0.c1023,c42'] instead of cats=['c0.c102','c42'], which leads to
>> it not being able to remove 'c42' from the list.
>>
>> Fix this issue by splitting the list of categories before calling
>> expandCats().
>>
>> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
>
> Acked-by: Petr Lautrbach <plautrba@redhat.com>
All 3 chcat patches merged. Thanks!
>
>> ---
>> python/chcat/chcat | 6 ++----
>> 1 file changed, 2 insertions(+), 4 deletions(-)
>>
>> diff --git a/python/chcat/chcat b/python/chcat/chcat
>> index 73f757258807..5bef0073b7a4 100755
>> --- a/python/chcat/chcat
>> +++ b/python/chcat/chcat
>> @@ -82,8 +82,7 @@ def chcat_user_add(newcat, users):
>> if len(serange) > 1:
>> top = serange[1].split(":")
>> if len(top) > 1:
>> - cats.append(top[1])
>> - cats = expandCats(cats)
>> + cats = expandCats(top[1].split(','))
>>
>> for i in newcat[1:]:
>> if i not in cats:
>> @@ -163,8 +162,7 @@ def chcat_user_remove(newcat, users):
>> if len(serange) > 1:
>> top = serange[1].split(":")
>> if len(top) > 1:
>> - cats.append(top[1])
>> - cats = expandCats(cats)
>> + cats = expandCats(top[1].split(','))
>>
>> for i in newcat[1:]:
>> if i in cats: