From: bauen1 <j2468h@googlemail.com>
To: selinux@vger.kernel.org
Cc: bauen1 <j2468h@googlemail.com>
Subject: [PATCH v2] chcat: allow usage if binary policy is inaccessible
Date: Wed, 17 Feb 2021 22:16:03 +0100 [thread overview]
Message-ID: <6b298117-2dd0-322a-4de2-b8886731265a@gmail.com> (raw)
In-Reply-To: <CAEjxPJ5gK_DdNxpjMq8tvvhkq1hxsoE5vTNZAa=hiP-6s=an8Q@mail.gmail.com>
Currently, chcat will crash when run as regular user, because import
sepolicy throws an Exception when failing to access the binary policy
under /etc/selinux/${POLICYNAME}/policy/ which is inaccessible to
regular users.
Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
---
v2:
Fix signed-off-by, improve commit message, but otherwise unchanged
python/chcat/chcat | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/python/chcat/chcat b/python/chcat/chcat
index fdd2e46e..55408577 100755
--- a/python/chcat/chcat
+++ b/python/chcat/chcat
@@ -28,7 +28,6 @@ import os
import pwd
import getopt
import selinux
-import seobject
PROGNAME = "policycoreutils"
try:
@@ -65,6 +64,7 @@ def verify_users(users):
def chcat_user_add(newcat, users):
+ import seobject
errors = 0
logins = seobject.loginRecords()
seusers = logins.get_all()
@@ -144,6 +144,7 @@ def chcat_add(orig, newcat, objects, login_ind):
def chcat_user_remove(newcat, users):
+ import seobject
errors = 0
logins = seobject.loginRecords()
seusers = logins.get_all()
@@ -233,6 +234,7 @@ def chcat_remove(orig, newcat, objects, login_ind):
def chcat_user_replace(newcat, users):
+ import seobject
errors = 0
logins = seobject.loginRecords()
seusers = logins.get_all()
@@ -376,6 +378,7 @@ def listcats():
def listusercats(users):
+ import seobject
if len(users) == 0:
try:
users.append(os.getlogin())
--
2.30.1
next prev parent reply other threads:[~2021-02-17 21:16 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-09 14:06 [PATCH] chcat: don't crash if access to binary policy is prohibited bauen1
2020-05-10 17:25 ` Nicolas Iooss
2020-05-29 13:16 ` Stephen Smalley
2021-02-17 21:16 ` bauen1 [this message]
2021-02-22 18:27 ` [PATCH v2] chcat: allow usage if binary policy is inaccessible Petr Lautrbach
2021-02-22 20:33 ` bauen1
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6b298117-2dd0-322a-4de2-b8886731265a@gmail.com \
--to=j2468h@googlemail.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.