tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sepolicy: Adapt to new the semodule list output

Browse source 
semodule in policycoreutils-2.4 changed the list format. With this
patch, org.selinux.semodule_list uses 'semodule --list=full' and the
code using this was adapted to the new format.

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1281309

Fixes:
File "/usr/lib64/python3.4/site-packages/sepolicy/gui.py", line 670, in lockdown_init
  self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"])
KeyError: 'unconfined'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
This commit is contained in:
Petr Lautrbach 2017-05-03 12:30:27 +02:00 committed by Stephen Smalley
parent f82771c105
commit 2a0102a270
3 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
dbus/selinux_server.py
View file

@ -46,13 +46,13 @@ class selinux_server(slip.dbus.service.Object):
return buf
#
# The semodule_list method will return the output of semodule -l, using the customized polkit,
# The semodule_list method will return the output of semodule --list=full, using the customized polkit,
# since this is a readonly behaviour
#
@slip.dbus.polkit.require_auth("org.selinux.semodule_list")
@dbus.service.method("org.selinux", in_signature='', out_signature='s')
def semodule_list(self):
p = Popen(["/usr/sbin/semodule", "-l"], stdout=PIPE, stderr=PIPE)
p = Popen(["/usr/sbin/semodule", "--list=full"], stdout=PIPE, stderr=PIPE)
buf = p.stdout.read()
output = p.communicate()
if p.returncode and p.returncode != 0:

2
gui/polgengui.py
View file

@ -679,7 +679,7 @@ class childWindow:
entry.set_text("")
return False
if name in self.all_modules:
if self.verify(_("Module %s.pp already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
if self.verify(_("Module %s already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
entry.set_text("")
return False

4
python/sepolicy/sepolicy/gui.py
View file

@ -673,9 +673,9 @@ class SELinuxGui():
self.module_dict = {}
for m in self.dbus.semodule_list().split("\n"):
mod = m.split()
if len(mod) < 2:
if len(mod) < 3:
continue
self.module_dict[mod[0]] = {"version": mod[1], "Disabled": (len(mod) > 2)}
self.module_dict[mod[1]] = { "priority": mod[0], "Disabled" : (len(mod) > 3) }
self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"])
self.enable_permissive_button.set_active(not self.module_dict["permissivedomains"]["Disabled"])