RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

python/audit2allow: allow using audit2why as non-root user 

Importing sepolicy as non-root on a system with SELinux causes the
following exception to be raised:

    ValueError: No SELinux Policy installed

Ignore this when using audit2why, which allows using it with option
--policy as a non-root user.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2018-12-21 21:43:33 +01:00 committed by Petr Lautrbach
parent 621c406585
commit b2a54258b4
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
python/audit2allow/audit2allow
View File

@ -242,7 +242,10 @@ class AuditToPolicy:
def __output_audit2why(self): def __output_audit2why(self):
import selinux import selinux
try:
import sepolicy import sepolicy
except (ImportError, ValueError):
sepolicy = None
for i in self.__parser.avc_msgs: for i in self.__parser.avc_msgs:
rc = i.type rc = i.type
data = i.data data = i.data
@ -262,10 +265,12 @@ class AuditToPolicy:
if len(data) > 1: if len(data) > 1:
print("\tOne of the following booleans was set incorrectly.") print("\tOne of the following booleans was set incorrectly.")
for b in data: for b in data:
if sepolicy is not None:
print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(b[0])) print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(b[0]))
print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1])) print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1]))
else: else:
print("\tThe boolean %s was set incorrectly. " % (data[0][0])) print("\tThe boolean %s was set incorrectly. " % (data[0][0]))
if sepolicy is not None:
print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(data[0][0])) print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(data[0][0]))
print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (data[0][0], data[0][1])) print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (data[0][0], data[0][1]))
continue continue