libselinux: Rewrite restorecon() python method

When the restorecon method was added to the libselinux swig python bindings, there was no libselinux restorecon implementation and it he had to call matchpathcon() which is deprecated in favor of selabel_lookup(). The new restorecon method uses selinux_restorecon method from libselinux and which is exported by the previous commit. https://github.com/SELinuxProject/selinux/issues/29 Fixes: >>> selinux.restorecon('/var/lib', recursive=True) Traceback (most recent call last): File "/usr/lib64/python3.5/site-packages/selinux/__init__.py", line 114, in restorecon status, context = matchpathcon(path, mode) FileNotFoundError: [Errno 2] No such file or directory Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-12-22 13:43:09 +01:00 · 2016-12-22 13:43:09 +01:00 · 14f07097c3
commit 14f07097c3
parent 0399ec6438
1 changed files with 14 additions and 22 deletions
--- a/libselinux/src/selinuxswig_python.i
+++ b/libselinux/src/selinuxswig_python.i
@ -19,31 +19,23 @@ DISABLED = -1
 PERMISSIVE = 0
 ENFORCING = 1

-def restorecon(path, recursive=False):
-    """ Restore SELinux context on a given path """
+def restorecon(path, recursive=False, verbose=False):
+    """ Restore SELinux context on a given path

-    try:
-        mode = os.lstat(path)[stat.ST_MODE]
-        status, context = matchpathcon(path, mode)
-    except OSError:
-        path = os.path.realpath(os.path.expanduser(path))
-        mode = os.lstat(path)[stat.ST_MODE]
-        status, context = matchpathcon(path, mode)
+    Arguments:
+    path -- The pathname for the file or directory to be relabeled.

-    if status == 0:
-        try:
-            status, oldcontext = lgetfilecon(path)
-        except OSError as e:
-            if e.errno != errno.ENODATA:
-                raise
-            oldcontext = None
-        if context != oldcontext:
-            lsetfilecon(path, context)
+    Keyword arguments:
+    recursive -- Change files and directories file labels recursively (default False)
+    verbose -- Show changes in file labels (default False)
+    """

-        if recursive:
-            for root, dirs, files in os.walk(path):
-                for name in files + dirs:
-                   restorecon(os.path.join(root, name))
+    restorecon_flags = SELINUX_RESTORECON_IGNORE_DIGEST | SELINUX_RESTORECON_REALPATH
+    if recursive:
+        restorecon_flags |= SELINUX_RESTORECON_RECURSE
+    if verbose:
+        restorecon_flags |= SELINUX_RESTORECON_VERBOSE
+    selinux_restorecon(os.path.expanduser(path), restorecon_flags)

 def chcon(path, context, recursive=False):
    """ Set the SELinux context on a given path """