python/audit2allow: allow using audit2why as non-root user

Importing sepolicy as non-root on a system with SELinux causes the following exception to be raised: ValueError: No SELinux Policy installed Ignore this when using audit2why, which allows using it with option --policy as a non-root user. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-12-21 21:43:33 +01:00 · 2018-12-21 21:43:33 +01:00 · b2a54258b4
parent 621c406585
commit b2a54258b4
1 changed files with 8 additions and 3 deletions
--- a/python/audit2allow/audit2allow
+++ b/python/audit2allow/audit2allow
@ -242,7 +242,10 @@ class AuditToPolicy:

    def __output_audit2why(self):
        import selinux
+        try:
            import sepolicy
+        except (ImportError, ValueError):
+            sepolicy = None
        for i in self.__parser.avc_msgs:
            rc = i.type
            data = i.data
@ -262,10 +265,12 @@ class AuditToPolicy:
                if len(data) > 1:
                    print("\tOne of the following booleans was set incorrectly.")
                    for b in data:
+                        if sepolicy is not None:
                            print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(b[0]))
                        print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1]))
                else:
                    print("\tThe boolean %s was set incorrectly. " % (data[0][0]))
+                    if sepolicy is not None:
                        print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(data[0][0]))
                    print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (data[0][0], data[0][1]))
                continue