From 2a0102a27052ba99b42199c99a1caa6f9444e5e1 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 3 May 2017 12:30:27 +0200 Subject: [PATCH] sepolicy: Adapt to new the semodule list output semodule in policycoreutils-2.4 changed the list format. With this patch, org.selinux.semodule_list uses 'semodule --list=full' and the code using this was adapted to the new format. Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1281309 Fixes: File "/usr/lib64/python3.4/site-packages/sepolicy/gui.py", line 670, in lockdown_init self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"]) KeyError: 'unconfined' Signed-off-by: Petr Lautrbach --- dbus/selinux_server.py | 4 ++-- gui/polgengui.py | 2 +- python/sepolicy/sepolicy/gui.py | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py index 8bd1fe5b..aae8b5fa 100644 --- a/dbus/selinux_server.py +++ b/dbus/selinux_server.py @@ -46,13 +46,13 @@ class selinux_server(slip.dbus.service.Object): return buf # - # The semodule_list method will return the output of semodule -l, using the customized polkit, + # The semodule_list method will return the output of semodule --list=full, using the customized polkit, # since this is a readonly behaviour # @slip.dbus.polkit.require_auth("org.selinux.semodule_list") @dbus.service.method("org.selinux", in_signature='', out_signature='s') def semodule_list(self): - p = Popen(["/usr/sbin/semodule", "-l"], stdout=PIPE, stderr=PIPE) + p = Popen(["/usr/sbin/semodule", "--list=full"], stdout=PIPE, stderr=PIPE) buf = p.stdout.read() output = p.communicate() if p.returncode and p.returncode != 0: diff --git a/gui/polgengui.py b/gui/polgengui.py index 1d262a95..7460cce2 100644 --- a/gui/polgengui.py +++ b/gui/polgengui.py @@ -679,7 +679,7 @@ class childWindow: entry.set_text("") return False if name in self.all_modules: - if self.verify(_("Module %s.pp already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO: + if self.verify(_("Module %s already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO: entry.set_text("") return False diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py index c9dd4c1c..e361aa1c 100644 --- a/python/sepolicy/sepolicy/gui.py +++ b/python/sepolicy/sepolicy/gui.py @@ -673,9 +673,9 @@ class SELinuxGui(): self.module_dict = {} for m in self.dbus.semodule_list().split("\n"): mod = m.split() - if len(mod) < 2: + if len(mod) < 3: continue - self.module_dict[mod[0]] = {"version": mod[1], "Disabled": (len(mod) > 2)} + self.module_dict[mod[1]] = { "priority": mod[0], "Disabled" : (len(mod) > 3) } self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"]) self.enable_permissive_button.set_active(not self.module_dict["permissivedomains"]["Disabled"])