* [PATCH 1/4] python/sepolgen: close /etc/selinux/sepolgen.conf after parsing it
From: Nicolas Iooss @ 2018-12-21 20:43 UTC
To: selinux
sepolgen testsuite reports the following warning on a system with
/etc/selinux/sepolgen.conf:
.../src/./sepolgen/defaults.py:35: ResourceWarning: unclosed file
<_io.TextIOWrapper name='/etc/selinux/sepolgen.conf' mode='r'
encoding='UTF-8'>
Fix this by properly closing the file in PathChooser.__init__().
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
python/sepolgen/src/sepolgen/defaults.py | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/python/sepolgen/src/sepolgen/defaults.py b/python/sepolgen/src/sepolgen/defaults.py
index 199acfafe4cf..533a90412475 100644
--- a/python/sepolgen/src/sepolgen/defaults.py
+++ b/python/sepolgen/src/sepolgen/defaults.py
@@ -32,12 +32,13 @@ class PathChooser(object):
self.config_pathname = pathname
ignore = re.compile(r"^\s*(?:#.+)?$")
consider = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$")
- for lineno, line in enumerate(open(pathname)):
- if ignore.match(line): continue
- mo = consider.match(line)
- if not mo:
- raise ValueError("%s:%d: line is not in key = value format" % (pathname, lineno+1))
- self.config[mo.group(1)] = mo.group(2)
+ with open(pathname, "r") as fd:
+ for lineno, line in enumerate(fd):
+ if ignore.match(line): continue
+ mo = consider.match(line)
+ if not mo:
+ raise ValueError("%s:%d: line is not in key = value format" % (pathname, lineno+1))
+ self.config[mo.group(1)] = mo.group(2)
# We're only exporting one useful function, so why not be a function
def __call__(self, testfilename, pathset="SELINUX_DEVEL_PATH"):
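Review bot: The `ignore` pattern in the context just above the new `with` block, `^\s*(?:#.+)?$`, does not match a comment line that consists of a bare `#`, because `.+` needs at least one character after the `#`. Such a line then fails `consider.match(line)` as well and raises the "line is not in key = value format" ValueError, so a harmless empty comment in the configuration file aborts parsing. Changing `#.+` to `#.*` in a follow-up would fix that. On the changed lines themselves, `with open(pathname, "r") as fd:` also closes the file when that ValueError is raised mid-parse, which is worth saying in the commit message since the old `enumerate(open(pathname))` left that to garbage collection.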
--
2.19.1
* [PATCH 2/4] python/audit2allow/sepolgen-ifgen: add missing \n to error message
From: Nicolas Iooss @ 2018-12-21 20:43 UTC
To: selinux
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
python/audit2allow/sepolgen-ifgen | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/audit2allow/sepolgen-ifgen b/python/audit2allow/sepolgen-ifgen
index acf96384ee16..aa1ae8dc21d2 100644
--- a/python/audit2allow/sepolgen-ifgen
+++ b/python/audit2allow/sepolgen-ifgen
@@ -96,7 +96,7 @@ def get_attrs(policy_path):
ret = subprocess.Popen([ATTR_HELPER, policy_path, outfile.name], stdout=fd).wait()
fd.close()
if ret != 0:
- sys.stderr.write("could not run attribute helper")
+ sys.stderr.write("could not run attribute helper\n")
return None
attrs = interfaces.AttributeSet()
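Review bot: The text written by `sys.stderr.write("could not run attribute helper\n")` is used for every non-zero `ret`, so it also covers the helper starting and then failing, and it names neither the helper nor its exit status. Including `ATTR_HELPER` and `ret` in the message, for example `"%s exited with status %d\n" % (ATTR_HELPER, ret)`, would make the failure diagnosable from the output alone.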
--
2.19.1
* [PATCH 3/4] python/audit2allow/sepolgen-ifgen: show errors on stderr
From: Nicolas Iooss @ 2018-12-21 20:43 UTC
To: selinux
This allows test_audit2allow.py to display the errors correctly.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
python/audit2allow/sepolgen-ifgen | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/python/audit2allow/sepolgen-ifgen b/python/audit2allow/sepolgen-ifgen
index aa1ae8dc21d2..e3f67d430647 100644
--- a/python/audit2allow/sepolgen-ifgen
+++ b/python/audit2allow/sepolgen-ifgen
@@ -135,8 +135,7 @@ def main():
try:
headers = refparser.parse_headers(options.headers, output=log, debug=options.debug)
except ValueError as e:
- print("error parsing headers")
- print(str(e))
+ sys.stderr.write("error parsing headers: %s\n" % e)
return 1
if_set = interfaces.InterfaceSet(output=log)
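Review bot: The new `sys.stderr.write("error parsing headers: %s\n" % e)` does not say which location was being parsed; adding `options.headers` to the message would let the user tell which path failed without rerunning with debug output. The handler still returns 1 after writing, so only the message text needs to change.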
--
2.19.1
* [PATCH 4/4] python/audit2allow: allow using audit2why as non-root user
From: Nicolas Iooss @ 2018-12-21 20:43 UTC
To: selinux
Importing sepolicy as non-root on a system with SELinux causes the
following exception to be raised:
ValueError: No SELinux Policy installed
Ignore this when using audit2why, which allows using it with option
--policy as a non-root user.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
python/audit2allow/audit2allow | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/python/audit2allow/audit2allow b/python/audit2allow/audit2allow
index 195f151c6ca1..18fe0a531d02 100644
--- a/python/audit2allow/audit2allow
+++ b/python/audit2allow/audit2allow
@@ -242,7 +242,10 @@ class AuditToPolicy:
def __output_audit2why(self):
import selinux
- import sepolicy
+ try:
+ import sepolicy
+ except (ImportError, ValueError):
+ sepolicy = None
for i in self.__parser.avc_msgs:
rc = i.type
data = i.data
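Review bot: The `except (ImportError, ValueError):` around `import sepolicy` needs a code comment saying that ValueError is the "No SELinux Policy installed" case from the commit message. As written, a reader of the method cannot tell why ValueError is caught on an import, and the clause also hides any other ValueError raised while the module is loaded. If only that one case is meant to be tolerated, narrowing the handler (for instance by checking the exception text) would keep unrelated import-time failures visible.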
@@ -262,11 +265,13 @@ class AuditToPolicy:
if len(data) > 1:
print("\tOne of the following booleans was set incorrectly.")
for b in data:
- print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(b[0]))
+ if sepolicy is not None:
+ print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(b[0]))
print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1]))
else:
print("\tThe boolean %s was set incorrectly. " % (data[0][0]))
- print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(data[0][0]))
+ if sepolicy is not None:
+ print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(data[0][0]))
print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (data[0][0], data[0][1]))
continue
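Review bot: The `if sepolicy is not None:` guard is now repeated before both `sepolicy.boolean_desc(...)` prints, once in the `for b in data:` loop and once in the `else:` branch. A small local helper that prints the description when `sepolicy` is available and does nothing otherwise would keep the two branches in step and avoid a third copy of the check if another use of `sepolicy` is added to this method.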
--
2.19.1
* Re: [PATCH 4/4] python/audit2allow: allow using audit2why as non-root user
From: Petr Lautrbach @ 2019-01-07 11:57 UTC
To: Nicolas Iooss; +Cc: selinux
Nicolas Iooss <nicolas.iooss@m4x.org> writes:
> Importing sepolicy as non-root on a system with SELinux causes the
> following exception to be raised:
>
> ValueError: No SELinux Policy installed
>
> Ignore this when using audit2why, which allows using it with option
> --policy as a non-root user.
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
All 4 merged. Thanks!
> ---
> python/audit2allow/audit2allow | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/python/audit2allow/audit2allow b/python/audit2allow/audit2allow
> index 195f151c6ca1..18fe0a531d02 100644
> --- a/python/audit2allow/audit2allow
> +++ b/python/audit2allow/audit2allow
> @@ -242,7 +242,10 @@ class AuditToPolicy:
>
> def __output_audit2why(self):
> import selinux
> - import sepolicy
> + try:
> + import sepolicy
> + except (ImportError, ValueError):
> + sepolicy = None
> for i in self.__parser.avc_msgs:
> rc = i.type
> data = i.data
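Review bot: With `sepolicy = None` assigned silently in the `except` clause, the user gets no indication that boolean descriptions will be missing from the audit2why output. A single line on stderr at this point, saying that sepolicy could not be loaded and descriptions are omitted, would make the shorter output explainable.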
> @@ -262,11 +265,13 @@ class AuditToPolicy:
> if len(data) > 1:
> print("\tOne of the following booleans was set incorrectly.")
> for b in data:
> - print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(b[0]))
> + if sepolicy is not None:
> + print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(b[0]))
> print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1]))
> else:
> print("\tThe boolean %s was set incorrectly. " % (data[0][0]))
> - print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(data[0][0]))
> + if sepolicy is not None:
> + print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(data[0][0]))
> print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (data[0][0], data[0][1]))
> continue
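Review bot: In the `for b in data:` loop, the blank line between entries came from the trailing `\n` in the `"\tDescription:\n\t%s\n"` print, so when `sepolicy` is None the successive "Allow access by executing" lines run together with no separator. Printing an empty line in that case, or moving the separator into the `setsebool` print, would keep the multi-boolean output readable in both modes.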