From: Petr Lautrbach <plautrba@redhat.com>
To: selinux@vger.kernel.org
Cc: Petr Lautrbach <plautrba@redhat.com>
Subject: [PATCH v2 4/5] python/semanage: Load a store policy and set the store SELinux policy root
Date: Thu, 3 Jan 2019 13:03:39 +0100 [thread overview]
Message-ID: <20190103120340.2695-4-plautrba@redhat.com> (raw)
In-Reply-To: <20190103120340.2695-1-plautrba@redhat.com>
When "store" is set, sepolicy needs to load a new policy file and selinux module
needs to set the new store root path.
With this patch, semanage is able to work correctly with non-default -S <store>
even when the default policy is not installed yet.
Fixes:
$ sudo semanage login -S minimum -m -s unconfined_u -r s0-s0:c0.c1023 __default__
libsemanage.dbase_llist_query: could not query record value
OSError: [Errno 0] Error
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1558861
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/semanage/seobject.py | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index 4490e03f..556d3ba5 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -260,6 +260,8 @@ class semanageRecords:
if self.store == "" or self.store == localstore:
self.mylog = logger()
else:
+ sepolicy.load_store_policy(self.store)
+ selinux.selinux_set_policy_root("%s%s" % (selinux.selinux_path(), self.store))
self.mylog = nulllogger()
def set_reload(self, load):
@@ -1329,7 +1331,7 @@ class ibpkeyRecords(semanageRecords):
def __init__(self, args = None):
semanageRecords.__init__(self, args)
try:
- q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy()), attrs=["ibpkey_type"])
+ q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"])
self.valid_types = sorted(str(t) for t in q.results())
except:
pass
@@ -1589,7 +1591,7 @@ class ibendportRecords(semanageRecords):
def __init__(self, args = None):
semanageRecords.__init__(self, args)
try:
- q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy()), attrs=["ibendport_type"])
+ q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"])
self.valid_types = set(str(t) for t in q.results())
except:
pass
--
2.20.1
next prev parent reply other threads:[~2019-01-03 12:03 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-20 15:14 Fix semanage in envinronment without default policy or when -S <store> is used Petr Lautrbach
2018-12-20 15:14 ` [PATCH 1/4] python/semanage: move valid_types initialisations to class constructors Petr Lautrbach
2018-12-20 22:34 ` Nicolas Iooss
2019-01-02 13:14 ` Petr Lautrbach
2018-12-20 15:14 ` [PATCH 2/4] python/semanage: import sepolicy only when it's needed Petr Lautrbach
2018-12-20 15:14 ` [PATCH 3/4] python/sepolicy: Add sepolicy.load_store_policy(store) Petr Lautrbach
2018-12-20 21:55 ` Nicolas Iooss
2019-01-02 14:13 ` Petr Lautrbach
2018-12-20 15:14 ` [PATCH 4/4] python/semanage: Load a store policy and set the store SELinux policy root Petr Lautrbach
2019-01-03 12:03 ` [PATCH v2 1/5] python/semanage: move valid_types initialisations to class constructors Petr Lautrbach
2019-01-03 12:03 ` [PATCH v2 2/5] python/semanage: import sepolicy only when it's needed Petr Lautrbach
2019-01-03 12:03 ` [PATCH v2 3/5] python/sepolicy: Add sepolicy.load_store_policy(store) Petr Lautrbach
2019-01-03 12:03 ` Petr Lautrbach [this message]
2019-01-03 12:03 ` [PATCH v2 5/5] python/sepolicy: Make policy files sorting more robust Petr Lautrbach
2019-01-05 14:43 ` Nicolas Iooss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190103120340.2695-4-plautrba@redhat.com \
--to=plautrba@redhat.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).