semanage: move permissive module creation to /tmp

semanage currently uses /var/lib/selinux/tmp to create permissive
modules. However, with the move to /var, the same tmp directory is used
for building policy binaries, causing a conflict. This patch creates a
random temporary directory in /tmp and moves permissive module creation
to that directory, avoiding the directory conflict.

This patch also imports shutil for rmtree to easily delete all created
temporary files.

Signed-off-by: Chad Sellers <csellers@tresys.com>
Caleb Case 2009-12-23 18:25:49 -05:00 committed by Steve Lawrence
parent 844810d9ac
commit 565ea9832e


@ -21,7 +21,7 @@
#
#
import pwd, grp, string, selinux, tempfile, os, re, sys, stat
import pwd, grp, string, selinux, tempfile, os, re, sys, stat, shutil
from semanage import *;
PROGNAME = "policycoreutils"
import sepolicy
@ -410,7 +410,8 @@ class permissiveRecords(semanageRecords):
raise ValueError(_("The sepolgen python module is required to setup permissive domains.\nIn some distributions it is included in the policycoreutils-devel patckage.\n# yum install policycoreutils-devel\nOr similar for your distro."))
name = "permissive_%s" % type
dirname = "/var/lib/selinux"
dirname = tempfile.mkdtemp("-semanage")
savedir = os.getcwd()
os.chdir(dirname)
filename = "%s.te" % name
modtxt = """
@ -435,14 +436,8 @@ permissive %s;
if rc >= 0:
self.commit()
for root, dirs, files in os.walk("tmp", topdown = False):
for name in files:
os.remove(os.path.join(root, name))
for name in dirs:
os.rmdir(os.path.join(root, name))
os.removedirs("tmp")
for i in glob.glob("permissive_%s.*" % type):
os.remove(i)
os.chdir(savedir)
shutil.rmtree(dirname)
if rc < 0:
raise ValueError(_("Could not set permissive domain %s (module installation failed)") % name)
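Review bot: The cleanup added in the last hunk (`os.chdir(savedir)` then `shutil.rmtree(dirname)`) runs only on the straight-line path, so an exception raised after `os.chdir(dirname)` would leave the process in the temporary directory and the generated policy source behind. The code between those two points lies outside the visible hunks, so this is inferred from the two ends. Wrapping the work in `try:` and moving the two cleanup calls into a `finally:` clause would cover every exit. Separately, `tempfile.mkdtemp("-semanage")` honours `TMPDIR`, so for a tool normally run as root the directory is not necessarily under /tmp as the commit message states; passing `dir="/tmp"` or adding a comment would make the intent explicit.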