dbus: Fix FileNotFoundError in org.selinux.relabel_on_boot
diff mbox series

Message ID 20191115145425.1460016-1-plautrba@redhat.com
State Accepted
Headers show
Series
  • dbus: Fix FileNotFoundError in org.selinux.relabel_on_boot
Related show

Commit Message

Petr Lautrbach Nov. 15, 2019, 2:54 p.m. UTC
When org.selinux.relabel_on_boot(0) was called twice, it failed with
FileNotFoundError.

Fixes:
    $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:1
    method return sender=:1.53 -> dest=:1.54 reply_serial=2
    $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
    method return sender=:1.53 -> dest=:1.55 reply_serial=2
    $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
    Error org.freedesktop.DBus.Python.FileNotFoundError: FileNotFoundError: [Errno 2] No such file or directory: '/.autorelabel'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---

Note: This is python 3 only code and it fails in travis with PYVER=python2.7 RUBYLIBVER=2.6:

$ PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8

Analyzing 187 Python scripts

./dbus/selinux_server.py:90:20: F821 undefined name 'FileNotFoundError'

./installdir/usr/share/system-config-selinux/selinux_server.py:90:20: F821 undefined name 'FileNotFoundError'

The command "PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8" exited with 1.



 dbus/selinux_server.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Stephen Smalley Nov. 15, 2019, 3:01 p.m. UTC | #1
On 11/15/19 9:54 AM, Petr Lautrbach wrote:
> When org.selinux.relabel_on_boot(0) was called twice, it failed with
> FileNotFoundError.
> 
> Fixes:
>      $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:1
>      method return sender=:1.53 -> dest=:1.54 reply_serial=2
>      $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
>      method return sender=:1.53 -> dest=:1.55 reply_serial=2
>      $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
>      Error org.freedesktop.DBus.Python.FileNotFoundError: FileNotFoundError: [Errno 2] No such file or directory: '/.autorelabel'
> 
> Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
> ---
> 
> Note: This is python 3 only code and it fails in travis with PYVER=python2.7 RUBYLIBVER=2.6:
> 
> $ PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8
> 
> Analyzing 187 Python scripts
> 
> ./dbus/selinux_server.py:90:20: F821 undefined name 'FileNotFoundError'
> 
> ./installdir/usr/share/system-config-selinux/selinux_server.py:90:20: F821 undefined name 'FileNotFoundError'
> 
> The command "PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8" exited with 1.

Hmm...given that, do we want to defer it until after 3.0 final release, 
or are we going to switch travis over to only test with python3 now?

> 
> 
> 
>   dbus/selinux_server.py | 5 ++++-
>   1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py
> index b9debc071485..be4f4557a9fa 100644
> --- a/dbus/selinux_server.py
> +++ b/dbus/selinux_server.py
> @@ -85,7 +85,10 @@ class selinux_server(slip.dbus.service.Object):
>               fd = open("/.autorelabel", "w")
>               fd.close()
>           else:
> -            os.unlink("/.autorelabel")
> +            try:
> +                os.unlink("/.autorelabel")
> +            except FileNotFoundError:
> +                pass
>   
>       def write_selinux_config(self, enforcing=None, policy=None):
>           path = selinux.selinux_path() + "config"
>
Nicolas Iooss Nov. 16, 2019, 5:04 p.m. UTC | #2
On Fri, Nov 15, 2019 at 4:01 PM Stephen Smalley <sds@tycho.nsa.gov> wrote:
>
> On 11/15/19 9:54 AM, Petr Lautrbach wrote:
> > When org.selinux.relabel_on_boot(0) was called twice, it failed with
> > FileNotFoundError.
> >
> > Fixes:
> >      $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:1
> >      method return sender=:1.53 -> dest=:1.54 reply_serial=2
> >      $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
> >      method return sender=:1.53 -> dest=:1.55 reply_serial=2
> >      $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
> >      Error org.freedesktop.DBus.Python.FileNotFoundError: FileNotFoundError: [Errno 2] No such file or directory: '/.autorelabel'
> >
> > Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
> > ---
> >
> > Note: This is python 3 only code and it fails in travis with PYVER=python2.7 RUBYLIBVER=2.6:
> >
> > $ PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8
> >
> > Analyzing 187 Python scripts
> >
> > ./dbus/selinux_server.py:90:20: F821 undefined name 'FileNotFoundError'
> >
> > ./installdir/usr/share/system-config-selinux/selinux_server.py:90:20: F821 undefined name 'FileNotFoundError'
> >
> > The command "PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8" exited with 1.
>
> Hmm...given that, do we want to defer it until after 3.0 final release,
> or are we going to switch travis over to only test with python3 now?

Hello, I personally do not have a strong opinion about dropping Python
2 support before or after 3.0 final release (for information, the Arch
Linux packages will be Python 3-only anyway, because the distribution
maintainers began dropping related Python 2 packages such as
python2-audit).

Nevertheless, on the patch itself, I am wondering whether
"FileNotFoundError" could be replaced with "OSError" in order to make
it compatible with Python 2. The main drawback of this alternative
approach is that it silences PermissionError and other kind of errors
that could be useful when debugging some issues on a production
system. This is why I prefer keeping "FileNotFoundError", and the
patch looks good to me.

Thanks,
Nicolas

> >
> >   dbus/selinux_server.py | 5 ++++-
> >   1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py
> > index b9debc071485..be4f4557a9fa 100644
> > --- a/dbus/selinux_server.py
> > +++ b/dbus/selinux_server.py
> > @@ -85,7 +85,10 @@ class selinux_server(slip.dbus.service.Object):
> >               fd = open("/.autorelabel", "w")
> >               fd.close()
> >           else:
> > -            os.unlink("/.autorelabel")
> > +            try:
> > +                os.unlink("/.autorelabel")
> > +            except FileNotFoundError:
> > +                pass
> >
> >       def write_selinux_config(self, enforcing=None, policy=None):
> >           path = selinux.selinux_path() + "config"
> >
>
Petr Lautrbach Nov. 18, 2019, 9:32 a.m. UTC | #3
Nicolas Iooss <nicolas.iooss@m4x.org> writes:

> On Fri, Nov 15, 2019 at 4:01 PM Stephen Smalley <sds@tycho.nsa.gov> wrote:
>>
>> On 11/15/19 9:54 AM, Petr Lautrbach wrote:
>> > When org.selinux.relabel_on_boot(0) was called twice, it failed with
>> > FileNotFoundError.
>> >
>> > Fixes:
>> >      $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:1
>> >      method return sender=:1.53 -> dest=:1.54 reply_serial=2
>> >      $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
>> >      method return sender=:1.53 -> dest=:1.55 reply_serial=2
>> >      $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
>> >      Error org.freedesktop.DBus.Python.FileNotFoundError: FileNotFoundError: [Errno 2] No such file or directory: '/.autorelabel'
>> >
>> > Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
>> > ---
>> >
>> > Note: This is python 3 only code and it fails in travis with PYVER=python2.7 RUBYLIBVER=2.6:
>> >
>> > $ PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8
>> >
>> > Analyzing 187 Python scripts
>> >
>> > ./dbus/selinux_server.py:90:20: F821 undefined name 'FileNotFoundError'
>> >
>> > ./installdir/usr/share/system-config-selinux/selinux_server.py:90:20: F821 undefined name 'FileNotFoundError'
>> >
>> > The command "PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8" exited with 1.
>>
>> Hmm...given that, do we want to defer it until after 3.0 final release,
>> or are we going to switch travis over to only test with python3 now?
>

I'd switch it now so it won't report false positives after this patch is
applied.


Also I'll add explicit note to release notes about dropping support for
python 2.


> Hello, I personally do not have a strong opinion about dropping Python
> 2 support before or after 3.0 final release (for information, the Arch
> Linux packages will be Python 3-only anyway, because the distribution
> maintainers began dropping related Python 2 packages such as
> python2-audit).
>
> Nevertheless, on the patch itself, I am wondering whether
> "FileNotFoundError" could be replaced with "OSError" in order to make
> it compatible with Python 2. The main drawback of this alternative
> approach is that it silences PermissionError and other kind of errors
> that could be useful when debugging some issues on a production
> system. This is why I prefer keeping "FileNotFoundError", and the
> patch looks good to me.
>

I've considered OSError, but I don't like the fact that it would silence
PermissionError and others just for sake of Python 2 which won't be
maintained after end of this year.

>> >
>> >   dbus/selinux_server.py | 5 ++++-
>> >   1 file changed, 4 insertions(+), 1 deletion(-)
>> >
>> > diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py
>> > index b9debc071485..be4f4557a9fa 100644
>> > --- a/dbus/selinux_server.py
>> > +++ b/dbus/selinux_server.py
>> > @@ -85,7 +85,10 @@ class selinux_server(slip.dbus.service.Object):
>> >               fd = open("/.autorelabel", "w")
>> >               fd.close()
>> >           else:
>> > -            os.unlink("/.autorelabel")
>> > +            try:
>> > +                os.unlink("/.autorelabel")
>> > +            except FileNotFoundError:
>> > +                pass
>> >
>> >       def write_selinux_config(self, enforcing=None, policy=None):
>> >           path = selinux.selinux_path() + "config"
>> >
>>
Stephen Smalley Nov. 20, 2019, 1:06 p.m. UTC | #4
On 11/15/19 9:54 AM, Petr Lautrbach wrote:
> When org.selinux.relabel_on_boot(0) was called twice, it failed with
> FileNotFoundError.
> 
> Fixes:
>      $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:1
>      method return sender=:1.53 -> dest=:1.54 reply_serial=2
>      $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
>      method return sender=:1.53 -> dest=:1.55 reply_serial=2
>      $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
>      Error org.freedesktop.DBus.Python.FileNotFoundError: FileNotFoundError: [Errno 2] No such file or directory: '/.autorelabel'
> 
> Signed-off-by: Petr Lautrbach <plautrba@redhat.com>

Acked-by: Stephen Smalley <sds@tycho.nsa.gov>

> ---
> 
> Note: This is python 3 only code and it fails in travis with PYVER=python2.7 RUBYLIBVER=2.6:
> 
> $ PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8
> 
> Analyzing 187 Python scripts
> 
> ./dbus/selinux_server.py:90:20: F821 undefined name 'FileNotFoundError'
> 
> ./installdir/usr/share/system-config-selinux/selinux_server.py:90:20: F821 undefined name 'FileNotFoundError'
> 
> The command "PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8" exited with 1.
> 
> 
> 
>   dbus/selinux_server.py | 5 ++++-
>   1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py
> index b9debc071485..be4f4557a9fa 100644
> --- a/dbus/selinux_server.py
> +++ b/dbus/selinux_server.py
> @@ -85,7 +85,10 @@ class selinux_server(slip.dbus.service.Object):
>               fd = open("/.autorelabel", "w")
>               fd.close()
>           else:
> -            os.unlink("/.autorelabel")
> +            try:
> +                os.unlink("/.autorelabel")
> +            except FileNotFoundError:
> +                pass
>   
>       def write_selinux_config(self, enforcing=None, policy=None):
>           path = selinux.selinux_path() + "config"
>
Stephen Smalley Nov. 21, 2019, 5:08 p.m. UTC | #5
On 11/15/19 9:54 AM, Petr Lautrbach wrote:
> When org.selinux.relabel_on_boot(0) was called twice, it failed with
> FileNotFoundError.
> 
> Fixes:
>      $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:1
>      method return sender=:1.53 -> dest=:1.54 reply_serial=2
>      $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
>      method return sender=:1.53 -> dest=:1.55 reply_serial=2
>      $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
>      Error org.freedesktop.DBus.Python.FileNotFoundError: FileNotFoundError: [Errno 2] No such file or directory: '/.autorelabel'
> 
> Signed-off-by: Petr Lautrbach <plautrba@redhat.com>

Thanks, applied.  I applied the travis patch first so that this one 
shouldn't break it.

> ---
> 
> Note: This is python 3 only code and it fails in travis with PYVER=python2.7 RUBYLIBVER=2.6:
> 
> $ PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8
> 
> Analyzing 187 Python scripts
> 
> ./dbus/selinux_server.py:90:20: F821 undefined name 'FileNotFoundError'
> 
> ./installdir/usr/share/system-config-selinux/selinux_server.py:90:20: F821 undefined name 'FileNotFoundError'
> 
> The command "PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8" exited with 1.
> 
> 
> 
>   dbus/selinux_server.py | 5 ++++-
>   1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py
> index b9debc071485..be4f4557a9fa 100644
> --- a/dbus/selinux_server.py
> +++ b/dbus/selinux_server.py
> @@ -85,7 +85,10 @@ class selinux_server(slip.dbus.service.Object):
>               fd = open("/.autorelabel", "w")
>               fd.close()
>           else:
> -            os.unlink("/.autorelabel")
> +            try:
> +                os.unlink("/.autorelabel")
> +            except FileNotFoundError:
> +                pass
>   
>       def write_selinux_config(self, enforcing=None, policy=None):
>           path = selinux.selinux_path() + "config"
>

Patch
diff mbox series

diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py
index b9debc071485..be4f4557a9fa 100644
--- a/dbus/selinux_server.py
+++ b/dbus/selinux_server.py
@@ -85,7 +85,10 @@  class selinux_server(slip.dbus.service.Object):
             fd = open("/.autorelabel", "w")
             fd.close()
         else:
-            os.unlink("/.autorelabel")
+            try:
+                os.unlink("/.autorelabel")
+            except FileNotFoundError:
+                pass
 
     def write_selinux_config(self, enforcing=None, policy=None):
         path = selinux.selinux_path() + "config"