python: Do not query the local database if the fcontext is non-local

Message ID 20221019190356.3092073-1-jwcart2@gmail.com (mailing list archive)
State Accepted
Commit 7238ad32a317

Commit Message

James Carter Oct. 19, 2022, 7:03 p.m. UTC
Vit Mojzis reports that an error message is produced when modifying
a non-local fcontext.

He gives the following example:
  # semanage fcontext -f f -m -t passwd_file_t /etc/security/opasswd
  libsemanage.dbase_llist_query: could not query record value (No such file or directory).

When modifying an fcontext, the non-local database is checked for the
key and then, if it is not found there, the local database is checked.
If the key doesn't exist, then an error is raised. If the key exists
then the local database is queried first and, if that fails, the non-
local database is queried.

The error is from querying the local database when the fcontext is in
the non-local database.

Instead, if the fcontext is in the non-local database, just query
the non-local database. Only query the local database if the
fcontext was found in it.

Reported-by: Vit Mojzis <vmojzis@redhat.com>
Signed-off-by: James Carter <jwcart2@gmail.com>
---
 python/semanage/seobject.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

Comments

James Carter Oct. 24, 2022, 6:51 p.m. UTC | #1
On Wed, Oct 19, 2022 at 3:04 PM James Carter <jwcart2@gmail.com> wrote:
>
> Vit Mojzis reports that an error message is produced when modifying
> a non-local fcontext.
>
> He gives the following example:
>   # semanage fcontext -f f -m -t passwd_file_t /etc/security/opasswd
>   libsemanage.dbase_llist_query: could not query record value (No such file or directory).
>
> When modifying an fcontext, the non-local database is checked for the
> key and then, if it is not found there, the local database is checked.
> If the key doesn't exist, then an error is raised. If the key exists
> then the local database is queried first and, if that fails, the non-
> local database is queried.
>
> The error is from querying the local database when the fcontext is in
> the non-local database.
>
> Instead, if the fcontext is in the non-local database, just query
> the non-local database. Only query the local database if the
> fcontext was found in it.
>
> Reported-by: Vit Mojzis <vmojzis@redhat.com>
> Signed-off-by: James Carter <jwcart2@gmail.com>

This has been merged.
Jim

> ---
>  python/semanage/seobject.py | 15 +++++++++------
>  1 file changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
> index 0782c082..d82da494 100644
> --- a/python/semanage/seobject.py
> +++ b/python/semanage/seobject.py
> @@ -2504,16 +2504,19 @@ class fcontextRecords(semanageRecords):
>          (rc, exists) = semanage_fcontext_exists(self.sh, k)
>          if rc < 0:
>              raise ValueError(_("Could not check if file context for %s is defined") % target)
> -        if not exists:
> +        if exists:
> +            try:
> +                (rc, fcontext) = semanage_fcontext_query(self.sh, k)
> +            except OSError:
> +                raise ValueError(_("Could not query file context for %s") % target)
> +        else:
>              (rc, exists) = semanage_fcontext_exists_local(self.sh, k)
> +            if rc < 0:
> +                raise ValueError(_("Could not check if file context for %s is defined") % target)
>              if not exists:
>                  raise ValueError(_("File context for %s is not defined") % target)
> -
> -        try:
> -            (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
> -        except OSError:
>              try:
> -                (rc, fcontext) = semanage_fcontext_query(self.sh, k)
> +                (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
>              except OSError:
>                  raise ValueError(_("Could not query file context for %s") % target)
>
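Review bot: In the new `if exists:` branch, a key found in the non-local database is read only with semanage_fcontext_query, whereas the removed code tried semanage_fcontext_query_local first and fell back to the non-local query. If a key can be present in both databases, the record returned here changes from the local one to the non-local one. The commit message describes only the case where the fcontext is in the non-local database, so a short comment above the branch stating which record is intended when both exist would make the precedence explicit.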
> --
> 2.37.3
>

Patch

diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index 0782c082..d82da494 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -2504,16 +2504,19 @@  class fcontextRecords(semanageRecords):
         (rc, exists) = semanage_fcontext_exists(self.sh, k)
         if rc < 0:
             raise ValueError(_("Could not check if file context for %s is defined") % target)
-        if not exists:
+        if exists:
+            try:
+                (rc, fcontext) = semanage_fcontext_query(self.sh, k)
+            except OSError:
+                raise ValueError(_("Could not query file context for %s") % target)
+        else:
             (rc, exists) = semanage_fcontext_exists_local(self.sh, k)
+            if rc < 0:
+                raise ValueError(_("Could not check if file context for %s is defined") % target)
             if not exists:
                 raise ValueError(_("File context for %s is not defined") % target)
-
-        try:
-            (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
-        except OSError:
             try:
-                (rc, fcontext) = semanage_fcontext_query(self.sh, k)
+                (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
             except OSError:
                 raise ValueError(_("Could not query file context for %s") % target)
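Review bot: The try/except blocks in the `if exists:` and `else:` branches are identical apart from the function called, and both raise the same "Could not query file context for %s" message. Picking the query function in each branch and running one shared try/except after the if/else would remove the duplication and keep the error path in one place. The added `if rc < 0` check after semanage_fcontext_exists_local closes a gap, but it reuses the message of the non-local check above it, so the error does not tell the user which lookup failed. In both branches the `rc` returned by the query call is assigned and not examined in the visible lines; if failure is always signalled by OSError, a comment saying so would help.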