libselinux-2.5-15
libselinux: Rewrite restorecon() python method When the restorecon method was added to the libselinux swig python bindings, there was no libselinux restorecon implementation and it he had to call matchpathcon() which is deprecated in favor of selabel_lookup(). The new restorecon method uses selinux_restorecon method from libselinux and which is exported by the previous commit. https://github.com/SELinuxProject/selinux/issues/29 https://github.com/fedora-selinux/selinux/pull/35 Fixes: >>> selinux.restorecon('/var/lib', recursive=True) Traceback (most recent call last): File "/usr/lib64/python3.5/site-packages/selinux/__init__.py", line 114, in restorecon status, context = matchpathcon(path, mode) FileNotFoundError: [Errno 2] No such file or directory
This commit is contained in:
parent
1fdaaa8476
commit
7039bfb757
@ -1833,6 +1833,77 @@ index 46566f6..3d5c9fb 100644
|
||||
hidden_proto(selinux_systemd_contexts_path)
|
||||
hidden_proto(selinux_path)
|
||||
hidden_proto(selinux_check_passwd_access)
|
||||
diff --git libselinux-2.5/src/selinuxswig.i libselinux-2.5/src/selinuxswig.i
|
||||
index c1e4ef7..687c43b 100644
|
||||
--- libselinux-2.5/src/selinuxswig.i
|
||||
+++ libselinux-2.5/src/selinuxswig.i
|
||||
@@ -9,6 +9,7 @@
|
||||
#include "../include/selinux/get_context_list.h"
|
||||
#include "../include/selinux/get_default_type.h"
|
||||
#include "../include/selinux/label.h"
|
||||
+ #include "../include/selinux/restorecon.h"
|
||||
#include "../include/selinux/selinux.h"
|
||||
%}
|
||||
%apply int *OUTPUT { int *enforce };
|
||||
@@ -61,4 +62,5 @@
|
||||
%include "../include/selinux/get_context_list.h"
|
||||
%include "../include/selinux/get_default_type.h"
|
||||
%include "../include/selinux/label.h"
|
||||
+%include "../include/selinux/restorecon.h"
|
||||
%include "../include/selinux/selinux.h"
|
||||
diff --git libselinux-2.5/src/selinuxswig_python.i libselinux-2.5/src/selinuxswig_python.i
|
||||
index 8cea18d..eac8475 100644
|
||||
--- libselinux-2.5/src/selinuxswig_python.i
|
||||
+++ libselinux-2.5/src/selinuxswig_python.i
|
||||
@@ -14,31 +14,23 @@ DISABLED = -1
|
||||
PERMISSIVE = 0
|
||||
ENFORCING = 1
|
||||
|
||||
-def restorecon(path, recursive=False):
|
||||
- """ Restore SELinux context on a given path """
|
||||
-
|
||||
- try:
|
||||
- mode = os.lstat(path)[stat.ST_MODE]
|
||||
- status, context = matchpathcon(path, mode)
|
||||
- except OSError:
|
||||
- path = os.path.realpath(os.path.expanduser(path))
|
||||
- mode = os.lstat(path)[stat.ST_MODE]
|
||||
- status, context = matchpathcon(path, mode)
|
||||
-
|
||||
- if status == 0:
|
||||
- try:
|
||||
- status, oldcontext = lgetfilecon(path)
|
||||
- except OSError as e:
|
||||
- if e.errno != errno.ENODATA:
|
||||
- raise
|
||||
- oldcontext = None
|
||||
- if context != oldcontext:
|
||||
- lsetfilecon(path, context)
|
||||
-
|
||||
- if recursive:
|
||||
- for root, dirs, files in os.walk(path):
|
||||
- for name in files + dirs:
|
||||
- restorecon(os.path.join(root, name))
|
||||
+def restorecon(path, recursive=False, verbose=False):
|
||||
+ """ Restore SELinux context on a given path
|
||||
+
|
||||
+ Arguments:
|
||||
+ path -- The pathname for the file or directory to be relabeled.
|
||||
+
|
||||
+ Keyword arguments:
|
||||
+ recursive -- Change files and directories file labels recursively (default False)
|
||||
+ verbose -- Show changes in file labels (default False)
|
||||
+ """
|
||||
+
|
||||
+ restorecon_flags = SELINUX_RESTORECON_IGNORE_DIGEST | SELINUX_RESTORECON_REALPATH
|
||||
+ if recursive:
|
||||
+ restorecon_flags |= SELINUX_RESTORECON_RECURSE
|
||||
+ if verbose:
|
||||
+ restorecon_flags |= SELINUX_RESTORECON_VERBOSE
|
||||
+ selinux_restorecon(os.path.expanduser(path), restorecon_flags)
|
||||
|
||||
def chcon(path, context, recursive=False):
|
||||
""" Set the SELinux context on a given path """
|
||||
diff --git libselinux-2.5/src/setfilecon.c libselinux-2.5/src/setfilecon.c
|
||||
index d05969c..3f0200e 100644
|
||||
--- libselinux-2.5/src/setfilecon.c
|
||||
|
@ -9,7 +9,7 @@
|
||||
Summary: SELinux library and simple utilities
|
||||
Name: libselinux
|
||||
Version: 2.5
|
||||
Release: 14%{?dist}
|
||||
Release: 15%{?dist}
|
||||
License: Public Domain
|
||||
Group: System Environment/Libraries
|
||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
@ -20,7 +20,7 @@ Url: https://github.com/SELinuxProject/selinux/wiki
|
||||
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
||||
# run:
|
||||
# $ VERSION=2.5 ./make-fedora-selinux-patch.sh libselinux
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/be955a4daf0598dbce8881c5dbab23b0cb1a6322
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/3dcc89405fc1efdcd41b96c50b030174fcaf4514
|
||||
Patch1: libselinux-fedora.patch
|
||||
BuildRequires: pkgconfig python python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre-devel xz-devel
|
||||
%if 0%{?with_python3}
|
||||
@ -256,6 +256,9 @@ rm -rf %{buildroot}
|
||||
%{ruby_vendorarchdir}/selinux.so
|
||||
|
||||
%changelog
|
||||
* Wed Jan 11 2017 Petr Lautrbach <plautrba@redhat.com> - 2.5-15
|
||||
- Rewrite restorecon() python method
|
||||
|
||||
* Fri Dec 09 2016 Charalampos Stratakis <cstratak@redhat.com> - 2.5-14
|
||||
- Rebuild for Python 3.6
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user