Add missing action org.selinux.change_default_mode for change_default_mode() and
remove unused action org.selinux.change_policy_type.
Fixes: e8718ef514 ("Make sure we do the polkit check on all dbus interfaces.")
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
As described in [0], this likely did not have the intended effect, so
simply remove it. The change in behavior is that up until this patch
it would be possible for any non-system user to potentially gain access
to selinux' dbus interface. Now this is extended to also allow any
system user.
As the comment indicates, PolicyKit is used to enforce access, so this
should be perfectly harmless.
[0]: <https://www.spinics.net/lists/linux-bluetooth/msg75267.html>
Signed-off-by: Tom Gundersen <teg@jklm.no>
CC: David Herrmann <dh.herrmann@gmail.com>
subprocess.Popen called without universal_newlines=True opens stdin,
stout and stderr as binary stream which cause problems with Python 3.
Fixes:
Traceback (most recent call last):
File "/usr/lib64/python3.4/site-packages/sepolicy/gui.py", line 2773, in unconfined_toggle
self.dbus.semanage("module -e unconfined")
File "<string>", line 2, in semanage
File "/usr/lib/python3.4/site-packages/slip/dbus/polkit.py", line 121, in _enable_proxy
return func(*p, **k)
File "/usr/lib64/python3.4/site-packages/sepolicy/sedbus.py", line 14, in semanage
ret = self.dbus_object.semanage(buf, dbus_interface = "org.selinux")
File "/usr/lib64/python3.4/site-packages/dbus/proxies.py", line 145, in __call__
**keywords)
File "/usr/lib64/python3.4/site-packages/dbus/connection.py", line 651, in call_blocking
message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Python.TypeError: TypeError: 'dbus.String' does not support the buffer interface
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
semodule in policycoreutils-2.4 changed the list format. With this
patch, org.selinux.semodule_list uses 'semodule --list=full' and the
code using this was adapted to the new format.
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1281309
Fixes:
File "/usr/lib64/python3.4/site-packages/sepolicy/gui.py", line 670, in lockdown_init
self.enable_unconfined_button.set_active(not self.module_dict["unconfined"]["Disabled"])
KeyError: 'unconfined'
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
