[prev in list] [next in list] [prev in thread] [next in thread]
List: selinux
Subject: Re: [PATCH 1/1] sepolicy: do not fail when file_contexts.local or .subs do not exist
From: Nicolas Iooss <nicolas.iooss () m4x ! org>
Date: 2017-09-19 20:34:03
Message-ID: CAJfZ7=kBtG=vPd0Tgvtv_-9BgoPapT9-2m0ufz=XgXhvT1d-JQ () mail ! gmail ! com
[Download RAW message or body]
On Tue, Sep 19, 2017 at 1:01 AM, William Roberts
<bill.c.roberts@gmail.com> wrote:
> On Mon, Sep 18, 2017 at 3:59 PM, William Roberts
> <bill.c.roberts@gmail.com> wrote:
>> On Mon, Sep 18, 2017 at 2:32 PM, Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>>>
>>> On a system without any file context customizations, "sepolicy gui"
>>> fails to load because it tries to read a non-existent file:
>>>
>>> FileNotFoundError: [Errno 2] No such file or directory:
>>> '/etc/selinux/refpolicy-git/contexts/files/file_contexts.local'
>>>
>>> Once this issue is fixed, another one is triggered:
>>>
>>> FileNotFoundError: [Errno 2] No such file or directory:
>>> '/etc/selinux/refpolicy-git/contexts/files/file_contexts.subs
>>>
>>> Use os.path.exists() to prevent trying to open non-existent files.
>>>
>>> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
>>> ---
>>> python/sepolicy/sepolicy/__init__.py | 4 ++++
>>> 1 file changed, 4 insertions(+)
>>>
>>> diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
>>> index 03742346caf0..14d2ad634d7d 100644
>>> --- a/python/sepolicy/sepolicy/__init__.py
>>> +++ b/python/sepolicy/sepolicy/__init__.py
>>> @@ -523,6 +523,8 @@ def find_entrypoint_path(exe, exclude_list=[]):
>>>
>>>
>>> def read_file_equiv(edict, fc_path, modify):
>>> + if not os.path.exists(fc_path):
>>> + return edict
>>> fd = open(fc_path, "r")
>>> fc = fd.readlines()
>>> fd.close()
>>> @@ -555,6 +557,8 @@ def get_local_file_paths(fc_path=selinux.selinux_file_context_path()):
>>> if local_files:
>>> return local_files
>>> local_files = []
>>> + if not os.path.exists(fc_path + ".local"):
>>> + return []
>>> fd = open(fc_path + ".local", "r")
>>
>> Why not use Try/Except here with a pass here?
>
> Wouldn't be a pass... but you get the idea.
It modifies more lines, but as you suggested it I will send a v2 which
uses try/except. In order to keep the code compatible with Python 2,
it will be "except OSError" + errno checking to silently skip
non-existing file.
>
>> While you're at it, maybe update this to use a with
>> statement. instead of an explicit close call.
>>> fc = fd.readlines()
>>> fd.close()
I will do it. Thanks for you suggestions.
Nicolas
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic