selinux.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] python/chcat: use check_call instead of getstatusoutput
@ 2018-12-04 10:35 Petr Lautrbach
  2018-12-09 14:19 ` Nicolas Iooss
  0 siblings, 1 reply; 2+ messages in thread
From: Petr Lautrbach @ 2018-12-04 10:35 UTC (permalink / raw)
  To: selinux; +Cc: Vit Mojzis

From: Vit Mojzis <vmojzis@redhat.com>

Use "check_call" instead of "getstatusoutput" in order for special
characters and spaces in filenames to be handled correctly.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1013774

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 python/chcat/chcat | 78 ++++++++++++++++++++++------------------------
 1 file changed, 38 insertions(+), 40 deletions(-)

diff --git a/python/chcat/chcat b/python/chcat/chcat
index edfe5713..a2cc9fa0 100755
--- a/python/chcat/chcat
+++ b/python/chcat/chcat
@@ -22,10 +22,7 @@
 #                                        02111-1307  USA
 #
 #
-try:
-    from subprocess import getstatusoutput
-except ImportError:
-    from commands import getstatusoutput
+import subprocess
 import sys
 import os
 import pwd
@@ -99,12 +96,12 @@ def chcat_user_add(newcat, users):
             new_serange = "%s-%s" % (serange[0], top[0])
 
         if add_ind:
-            cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
+            cmd = ["semanage", "login", "-a", "-r", new_serange, "-s", user[0], u]
         else:
-            cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
-        rc = getstatusoutput(cmd)
-        if rc[0] != 0:
-            print(rc[1])
+            cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
+        try:
+            subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
+        except subprocess.CalledProcessError as e:
             errors += 1
 
     return errors
@@ -140,10 +137,11 @@ def chcat_add(orig, newcat, objects, login_ind):
                 cat_string = "%s,%s" % (cat_string, c)
         else:
             cat_string = cat
-        cmd = 'chcon -l %s:%s %s' % (sensitivity, cat_string, f)
-        rc = getstatusoutput(cmd)
-        if rc[0] != 0:
-            print(rc[1])
+
+        cmd = ["chcon", "-l", "%s:%s" % (sensitivity, cat_string), f]
+        try:
+            subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
+        except subprocess.CalledProcessError as e:
             errors += 1
     return errors
 
@@ -179,13 +177,15 @@ def chcat_user_remove(newcat, users):
             new_serange = "%s-%s" % (serange[0], top[0])
 
         if add_ind:
-            cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
+            cmd = ["semanage", "login", "-a", "-r", new_serange, "-s", user[0], u]
         else:
-            cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
-        rc = getstatusoutput(cmd)
-        if rc[0] != 0:
-            print(rc[1])
+            cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
+
+        try:
+            subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
+        except subprocess.CalledProcessError as e:
             errors += 1
+
     return errors
 
 
@@ -224,12 +224,14 @@ def chcat_remove(orig, newcat, objects, login_ind):
             continue
 
         if len(cat) == 0:
-            cmd = 'chcon -l %s %s' % (sensitivity, f)
+            new_serange = sensitivity
         else:
-            cmd = 'chcon -l %s:%s %s' % (sensitivity, cat, f)
-        rc = getstatusoutput(cmd)
-        if rc[0] != 0:
-            print(rc[1])
+            new_serange = '%s:%s' % (sensitivity, cat)
+
+        cmd = ["chcon", "-l", new_serange, f]
+        try:
+            subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
+        except subprocess.CalledProcessError as e:
             errors += 1
     return errors
 
@@ -247,17 +249,17 @@ def chcat_user_replace(newcat, users):
             add_ind = 1
             user = seusers["__default__"]
         serange = user[1].split("-")
-        new_serange = "%s-%s:%s" % (serange[0], newcat[0], string.join(newcat[1:], ","))
+        new_serange = "%s-%s:%s" % (serange[0], newcat[0], ",".join(newcat[1:]))
         if new_serange[-1:] == ":":
             new_serange = new_serange[:-1]
 
         if add_ind:
-            cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
+            cmd = ["semanage", "login", "-a", "-r", new_serange, "-s", user[0], u]
         else:
-            cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
-        rc = getstatusoutput(cmd)
-        if rc[0] != 0:
-            print(rc[1])
+            cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
+        try:
+            subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
+        except subprocess.CalledProcessError as e:
             errors += 1
     return errors
 
@@ -267,20 +269,16 @@ def chcat_replace(newcat, objects, login_ind):
         return chcat_user_replace(newcat, objects)
     errors = 0
     if len(newcat) == 1:
-        sensitivity = newcat[0]
-        cmd = 'chcon -l %s ' % newcat[0]
+        new_serange = newcat[0]
     else:
-        sensitivity = newcat[0]
-        cmd = 'chcon -l %s:%s' % (sensitivity, newcat[1])
+        new_serange = "%s:%s" % (newcat[0], newcat[1])
         for cat in newcat[2:]:
-            cmd = '%s,%s' % (cmd, cat)
+            new_serange = '%s,%s' % (new_serange, cat)
 
-    for f in objects:
-        cmd = "%s %s" % (cmd, f)
-
-    rc = getstatusoutput(cmd)
-    if rc[0] != 0:
-        print(rc[1])
+    cmd = ["chcon", "-l", new_serange] + objects
+    try:
+        subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
+    except subprocess.CalledProcessError as e:
         errors += 1
 
     return errors
-- 
2.19.2


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] python/chcat: use check_call instead of getstatusoutput
  2018-12-04 10:35 [PATCH] python/chcat: use check_call instead of getstatusoutput Petr Lautrbach
@ 2018-12-09 14:19 ` Nicolas Iooss
  0 siblings, 0 replies; 2+ messages in thread
From: Nicolas Iooss @ 2018-12-09 14:19 UTC (permalink / raw)
  To: Petr Lautrbach; +Cc: selinux, Vit Mojzis

On Tue, Dec 4, 2018 at 11:35 AM Petr Lautrbach <plautrba@redhat.com> wrote:
>
> From: Vit Mojzis <vmojzis@redhat.com>
>
> Use "check_call" instead of "getstatusoutput" in order for special
> characters and spaces in filenames to be handled correctly.
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1013774
>
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>

Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>

I have tested it in a Fedora VM and it worked.

Thanks!
Nicolas


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-12-09 14:19 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-04 10:35 [PATCH] python/chcat: use check_call instead of getstatusoutput Petr Lautrbach
2018-12-09 14:19 ` Nicolas Iooss

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).