Message ID | 20181209142323.21149-2-nicolas.iooss@m4x.org (mailing list archive) |
---|---|
State | Not Applicable |
Series | [1/2] python/chcat: improve the code readability |
Nicolas Iooss <nicolas.iooss@m4x.org> writes: > Using Vagrant with fedora/28-cloud-base image, SELinux logins are > configured this way: > > # semanage login -l > Login Name SELinux User MLS/MCS Range Service > > __default__ unconfined_u s0-s0:c0.c1023 * > root unconfined_u s0-s0:c0.c1023 * > vagrant unconfined_u s0-s0:c0.c1023 * > > Using "chcat -l +c42 vagrant" successfully adds the category to user > vagrant, but "chcat -l -- -c42 vagrant" fails to remove it. > semanage login -l returns: > > vagrant unconfined_u s0-s0:c0.c1023,c42 * > > This issue is caused by expandCats(), which refuses to return a list of > more than 25 categories. This causes chcat_user_remove() to work with > cats=['c0.c1023,c42'] instead of cats=['c0.c102','c42'], which leads to > it not been able to remove 'c42' from the list. > > Fix this issue by splitting the list of categories before calling > expandCats(). > > Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> Acked-by: Petr Lautrbach <plautrba@redhat.com> > --- > python/chcat/chcat | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/python/chcat/chcat b/python/chcat/chcat > index 73f757258807..5bef0073b7a4 100755 > --- a/python/chcat/chcat > +++ b/python/chcat/chcat > @@ -82,8 +82,7 @@ def chcat_user_add(newcat, users): > if len(serange) > 1: > top = serange[1].split(":") > if len(top) > 1: > - cats.append(top[1]) > - cats = expandCats(cats) > + cats = expandCats(top[1].split(',')) > > for i in newcat[1:]: > if i not in cats: > @@ -163,8 +162,7 @@ def chcat_user_remove(newcat, users): > if len(serange) > 1: > top = serange[1].split(":") > if len(top) > 1: > - cats.append(top[1]) > - cats = expandCats(cats) > + cats = expandCats(top[1].split(',')) > > for i in newcat[1:]: > if i in cats:
Petr Lautrbach <plautrba@redhat.com> writes: > Nicolas Iooss <nicolas.iooss@m4x.org> writes: > >> Using Vagrant with fedora/28-cloud-base image, SELinux logins are >> configured this way: >> >> # semanage login -l >> Login Name SELinux User MLS/MCS Range Service >> >> __default__ unconfined_u s0-s0:c0.c1023 * >> root unconfined_u s0-s0:c0.c1023 * >> vagrant unconfined_u s0-s0:c0.c1023 * >> >> Using "chcat -l +c42 vagrant" successfully adds the category to user >> vagrant, but "chcat -l -- -c42 vagrant" fails to remove it. >> semanage login -l returns: >> >> vagrant unconfined_u s0-s0:c0.c1023,c42 * >> >> This issue is caused by expandCats(), which refuses to return a list of >> more than 25 categories. This causes chcat_user_remove() to work with >> cats=['c0.c1023,c42'] instead of cats=['c0.c102','c42'], which leads to >> it not been able to remove 'c42' from the list. >> >> Fix this issue by splitting the list of categories before calling >> expandCats(). >> >> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> > > Acked-by: Petr Lautrbach <plautrba@redhat.com> All 3 chcat patches merged. Thanks! > >> --- >> python/chcat/chcat | 6 ++---- >> 1 file changed, 2 insertions(+), 4 deletions(-) >> >> diff --git a/python/chcat/chcat b/python/chcat/chcat >> index 73f757258807..5bef0073b7a4 100755 >> --- a/python/chcat/chcat >> +++ b/python/chcat/chcat >> @@ -82,8 +82,7 @@ def chcat_user_add(newcat, users): >> if len(serange) > 1: >> top = serange[1].split(":") >> if len(top) > 1: >> - cats.append(top[1]) >> - cats = expandCats(cats) >> + cats = expandCats(top[1].split(',')) >> >> for i in newcat[1:]: >> if i not in cats: >> @@ -163,8 +162,7 @@ def chcat_user_remove(newcat, users): >> if len(serange) > 1: >> top = serange[1].split(":") >> if len(top) > 1: >> - cats.append(top[1]) >> - cats = expandCats(cats) >> + cats = expandCats(top[1].split(',')) >> >> for i in newcat[1:]: >> if i in cats:
diff --git a/python/chcat/chcat b/python/chcat/chcat index 73f757258807..5bef0073b7a4 100755 --- a/python/chcat/chcat +++ b/python/chcat/chcat @@ -82,8 +82,7 @@ def chcat_user_add(newcat, users): if len(serange) > 1: top = serange[1].split(":") if len(top) > 1: - cats.append(top[1]) - cats = expandCats(cats) + cats = expandCats(top[1].split(',')) for i in newcat[1:]: if i not in cats: @@ -163,8 +162,7 @@ def chcat_user_remove(newcat, users): if len(serange) > 1: top = serange[1].split(":") if len(top) > 1: - cats.append(top[1]) - cats = expandCats(cats) + cats = expandCats(top[1].split(',')) for i in newcat[1:]: if i in cats:
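Review bot: In the chcat_user_add() hunk, the test `if i not in cats` still compares strings against whatever expandCats() returns, and per the commit message a range such as c0.c1023 comes back unexpanded, so `+c42` is appended although the range already covers it (the `s0-s0:c0.c1023,c42` output quoted in the commit message shows the result). Consider checking numerically whether the new category falls inside an existing range before appending, or at least add a comment above `cats = expandCats(top[1].split(','))` saying that large ranges stay unexpanded and that the split therefore has to happen first.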
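Review bot: The replacement line in the chcat_user_remove() hunk, `cats = expandCats(top[1].split(','))`, is now the same as in chcat_user_add(), along with the surrounding `serange`/`top` parsing; a small shared helper would keep the two paths from drifting apart again. Separately, `if i in cats` only matches categories that appear literally in the list, so with a range that expandCats() leaves unexpanded (more than 25 categories, per the commit message) a request such as `-c5` against `c0.c1023` still finds no match. A regression test for the `c0.c1023,c42` case from the commit message and a documented note on that limit would make the behaviour explicit.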
Using Vagrant with fedora/28-cloud-base image, SELinux logins are
configured this way:

    # semanage login -l
    Login Name           SELinux User         MLS/MCS Range        Service

    __default__          unconfined_u         s0-s0:c0.c1023       *
    root                 unconfined_u         s0-s0:c0.c1023       *
    vagrant              unconfined_u         s0-s0:c0.c1023       *

Using "chcat -l +c42 vagrant" successfully adds the category to user
vagrant, but "chcat -l -- -c42 vagrant" fails to remove it.
semanage login -l returns:

    vagrant              unconfined_u         s0-s0:c0.c1023,c42   *

This issue is caused by expandCats(), which refuses to return a list of
more than 25 categories. This causes chcat_user_remove() to work with
cats=['c0.c1023,c42'] instead of cats=['c0.c102','c42'], which leads to
it not been able to remove 'c42' from the list.

Fix this issue by splitting the list of categories before calling
expandCats().

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 python/chcat/chcat | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
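The failure described in the commit message, reproduced as an added example (not code from the patch or from chcat itself). `expand_cats` is a simplified stand-in that models only the behaviour the message describes, returning its input unchanged when the expansion exceeds 25 categories; `category_field`, `user_cats_before`, `user_cats_after` and `remove_cat` are hypothetical helper names, and the small-range case goes slightly beyond the one in the message.

```python
LIMIT = 25  # expansion cap named in the commit message

def expand_cats(cats):
    """Simplified stand-in for chcat's expandCats() (assumption): expand
    'cA.cB' ranges, but return the input untouched above LIMIT entries."""
    expanded = []
    for entry in cats:
        for item in entry.split(","):
            if "." in item:
                low, high = item.split(".")
                names = ["c%d" % n for n in range(int(low[1:]), int(high[1:]) + 1)]
            else:
                names = [item]
            for name in names:
                if name not in expanded:
                    expanded.append(name)
    return cats if len(expanded) > LIMIT else expanded


def category_field(mls_range):
    """Category part of the upper level, e.g. 'c0.c1023,c42'. Splitting the
    range on '-' is an assumption; the ':' split is the one in the hunks."""
    serange = mls_range.split("-")
    if len(serange) > 1:
        top = serange[1].split(":")
        if len(top) > 1:
            return top[1]
    return None


def user_cats_before(mls_range):
    """Pre-patch parsing: the whole field is passed as one list element."""
    field = category_field(mls_range)
    return expand_cats([field]) if field is not None else []


def user_cats_after(mls_range):
    """Patched parsing: split on ',' before expanding."""
    field = category_field(mls_range)
    return expand_cats(field.split(",")) if field is not None else []


def remove_cat(cats, cat):
    """Same literal membership test as 'if i in cats' in the second hunk."""
    return [c for c in cats if c != cat]


RANGE = "s0-s0:c0.c1023,c42"  # constructed from the semanage output above
print(remove_cat(user_cats_before(RANGE), "c42"), remove_cat(user_cats_after(RANGE), "c42"))
```

With a range small enough to expand, such as `s0-s0:c1.c3,c7`, both parsers return the same list, which is why the bug only shows up for users holding a wide range like `c0.c1023`.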