RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-03-09 19:57:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

sepolicy: Do not try to load policy on import

Browse Source 
When a policy is inaccessible, scripts fail right "import sepolicy". With
this change we let the "sepolicy" module to import and move the policy
initialization before it's used for the first time.

Fixes:
    >>> import seobject
    Traceback (most recent call last):
      File "/usr/lib/python3.9/site-packages/sepolicy/__init__.py", line 171, in policy
        _pol = setools.SELinuxPolicy(policy_file)
      File "setools/policyrep/selinuxpolicy.pxi", line 73, in setools.policyrep.SELinuxPolicy.__cinit__
      File "setools/policyrep/selinuxpolicy.pxi", line 695, in setools.policyrep.SELinuxPolicy._load_policy
    PermissionError: [Errno 13] Permission denied: '//etc/selinux/targeted/policy/policy.33'

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/usr/lib/python3.9/site-packages/seobject.py", line 33, in <module>
        import sepolicy
      File "/usr/lib/python3.9/site-packages/sepolicy/__init__.py", line 186, in <module>
        raise e
      File "/usr/lib/python3.9/site-packages/sepolicy/__init__.py", line 183, in <module>
        policy(policy_file)
      File "/usr/lib/python3.9/site-packages/sepolicy/__init__.py", line 173, in policy
        raise ValueError(_("Failed to read %s policy file") % policy_file)
    ValueError: Failed to read //etc/selinux/targeted/policy/policy.33 policy file

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
This commit is contained in:
Petr Lautrbach 2021-02-23 16:03:28 +01:00 committed by Nicolas Iooss
parent d4d1f4ba7e
commit be065c4b44
No known key found for this signature in database
GPG Key ID: C191415F340DAAA0
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
python/sepolicy/sepolicy/__init__.py
View File

@ -178,15 +178,15 @@ def load_store_policy(store):
return None
policy(policy_file)
try:
def init_policy():
policy_file = get_installed_policy()
policy(policy_file)
except ValueError as e:
if selinux.is_selinux_enabled() == 1:
raise e
def info(setype, name=None):
global _pol
if not _pol:
init_policy()
if setype == TYPE:
q = setools.TypeQuery(_pol)
q.name = name
@ -337,6 +337,9 @@ def _setools_rule_to_dict(rule):
def search(types, seinfo=None):
global _pol
if not _pol:
init_policy()
if not seinfo:
seinfo = {}
valid_types = set([ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT, TRANSITION, ROLE_ALLOW])
@ -916,6 +919,10 @@ def get_all_roles():
if roles:
return roles
global _pol
if not _pol:
init_policy()
q = setools.RoleQuery(_pol)
roles = [str(x) for x in q.results() if str(x) != "object_r"]
return roles