Message ID | 20230702100011.9249-1-toiwoton@gmail.com (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | Petr Lautrbach |
Series | [v5] semanage, sepolicy: list also ports not attributed with port_type | expand |
Topi Miettinen <toiwoton@gmail.com> writes: > For `semanage port -l` and `sepolicy network -t type`, show also ports > which are not attributed with `port_type`. Such ports may exist in > custom policies and even the attribute `port_type` may not be defined. > > This fixes the following error with `semanage port -l` (and similar > error with `sepolicy network -t type`): > > Traceback (most recent call last): > File "/usr/sbin/semanage", line 975, in <module> > do_parser() > File "/usr/sbin/semanage", line 947, in do_parser > args.func(args) > File "/usr/sbin/semanage", line 441, in handlePort > OBJECT = object_dict['port'](args) > ^^^^^^^^^^^^^^^^^^^^^^^^^ > File "/usr/lib/python3/dist-packages/seobject.py", line 1057, in __init__ > self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"]) > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^ > IndexError: list index out of range > > Signed-off-by: Topi Miettinen <toiwoton@gmail.com> > > --- > v5: fix from Petr Lautrbach > v4: keep types found with attribute port_type for compatibility with types > which are not portcons > v3: use even better version, thanks to Petr Lautrbach > v2: fix other cases and use better version courtesy of Petr Lautrbach > --- > python/semanage/semanage-bash-completion.sh | 2 +- > python/semanage/seobject.py | 2 +- > python/sepolicy/sepolicy-bash-completion.sh | 2 +- > python/sepolicy/sepolicy/__init__.py | 4 ++-- > 4 files changed, 5 insertions(+), 5 deletions(-) > > diff --git a/python/semanage/semanage-bash-completion.sh b/python/semanage/semanage-bash-completion.sh > index d0dd139f..1e3f6f9d 100644 > --- a/python/semanage/semanage-bash-completion.sh > +++ b/python/semanage/semanage-bash-completion.sh 
> @@ -37,7 +37,7 @@ __get_all_types () { > seinfo -t 2> /dev/null | tail -n +3 > } > __get_all_port_types () { > - seinfo -aport_type -x 2>/dev/null | tail -n +2 > + sepolicy network -l > } > __get_all_domains () { > seinfo -adomain -x 2>/dev/null | tail -n +2 > diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py > index d82da494..31e73ee9 100644 > --- a/python/semanage/seobject.py > +++ b/python/semanage/seobject.py > @@ -1055,7 +1055,7 @@ class portRecords(semanageRecords): > def __init__(self, args = None): > semanageRecords.__init__(self, args) > try: > - self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"]) > + self.valid_types = [x["type"] for x in [*sepolicy.info(sepolicy.ATTRIBUTE, "port_type"), *sepolicy.info(sepolicy.PORT)]] >>> import sepolicy >>> valid_types = [x["type"] for x in [*sepolicy.info(sepolicy.ATTRIBUTE, "port_type"), *sepolicy.info(sepolicy.PORT)]] Traceback (most recent call last): File "<stdin>", line 1, in <module> File "<stdin>", line 1, in <listcomp> KeyError: 'type' >>> see https://lore.kernel.org/selinux/87o7l0292n.fsf@redhat.com/ > except RuntimeError: > pass > > diff --git a/python/sepolicy/sepolicy-bash-completion.sh b/python/sepolicy/sepolicy-bash-completion.sh > index 13638e4d..467333b8 100644 > --- a/python/sepolicy/sepolicy-bash-completion.sh > +++ b/python/sepolicy/sepolicy-bash-completion.sh > @@ -52,7 +52,7 @@ __get_all_classes () { > seinfo -c 2> /dev/null | tail -n +2 > } > __get_all_port_types () { > - seinfo -aport_type -x 2> /dev/null | tail -n +2 > + sepolicy network -l > } > __get_all_domain_types () { > seinfo -adomain -x 2> /dev/null | tail -n +2 > diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py > index c177cdfc..3dfe4bff 100644 > --- a/python/sepolicy/sepolicy/__init__.py > +++ b/python/sepolicy/sepolicy/__init__.py 
> @@ -989,8 +989,8 @@ def get_all_port_types(): > global port_types > if port_types: > return port_types > - port_types = list(sorted(info(ATTRIBUTE, "port_type"))[0]["types"]) > - return port_types > + port_types = set(next(info(ATTRIBUTE, "port_type"))["types"] + [x["type"] for x in info(PORT)]) > + return sorted(port_types) > > > def get_all_bools(): > -- > 2.40.1
diff --git a/python/semanage/semanage-bash-completion.sh b/python/semanage/semanage-bash-completion.sh
index d0dd139f..1e3f6f9d 100644
--- a/python/semanage/semanage-bash-completion.sh
+++ b/python/semanage/semanage-bash-completion.sh
@@ -37,7 +37,7 @@ __get_all_types () {
seinfo -t 2> /dev/null | tail -n +3
}
__get_all_port_types () {
- seinfo -aport_type -x 2>/dev/null | tail -n +2
+ sepolicy network -l
}
__get_all_domains () {
seinfo -adomain -x 2>/dev/null | tail -n +2
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index d82da494..31e73ee9 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -1055,7 +1055,7 @@ class portRecords(semanageRecords):
def __init__(self, args = None):
semanageRecords.__init__(self, args)
try:
- self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
+ self.valid_types = [x["type"] for x in [*sepolicy.info(sepolicy.ATTRIBUTE, "port_type"), *sepolicy.info(sepolicy.PORT)]]
except RuntimeError:
pass
diff --git a/python/sepolicy/sepolicy-bash-completion.sh b/python/sepolicy/sepolicy-bash-completion.sh
index 13638e4d..467333b8 100644
--- a/python/sepolicy/sepolicy-bash-completion.sh
+++ b/python/sepolicy/sepolicy-bash-completion.sh
@@ -52,7 +52,7 @@ __get_all_classes () {
seinfo -c 2> /dev/null | tail -n +2
}
__get_all_port_types () {
- seinfo -aport_type -x 2> /dev/null | tail -n +2
+ sepolicy network -l
}
__get_all_domain_types () {
seinfo -adomain -x 2> /dev/null | tail -n +2
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index c177cdfc..3dfe4bff 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
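Review bot: The new body of `__get_all_port_types` in semanage-bash-completion.sh drops the `2>/dev/null` that the replaced `seinfo` pipeline had, so anything `sepolicy network -l` writes to stderr (for example a Python traceback when the policy cannot be queried) would be printed into the user's terminal in the middle of tab completion. Keeping the redirect, `sepolicy network -l 2>/dev/null`, preserves the quiet failure mode of the old code. The same applies to the identical change in python/sepolicy/sepolicy-bash-completion.sh.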
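Review bot: `self.valid_types` in `portRecords.__init__` is built with its own expression and is never de-duplicated, while the same patch has `get_all_port_types()` in python/sepolicy/sepolicy/__init__.py compute the same collection through `set(...)`; a type reachable through both queries would therefore be listed twice here. Reusing the helper, `self.valid_types = sepolicy.get_all_port_types()`, would keep the two lists in agreement, provided the helper tolerates a policy without the attribute. Note also that the surrounding handler catches only `RuntimeError`, so any other exception raised while building the list propagates out of the constructor; `__init__` continues outside the hunk.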
@@ -989,8 +989,8 @@ def get_all_port_types():
global port_types
if port_types:
return port_types
- port_types = list(sorted(info(ATTRIBUTE, "port_type"))[0]["types"])
- return port_types
+ port_types = set(next(info(ATTRIBUTE, "port_type"))["types"] + [x["type"] for x in info(PORT)])
+ return sorted(port_types)
def get_all_bools():
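Review bot: `next(info(ATTRIBUTE, "port_type"))` raises StopIteration when the query yields nothing, which is the case the commit message describes (a policy where `port_type` is not defined), so `get_all_port_types()` still fails there, only with a different exception than the IndexError in the traceback. Giving `next()` a default, e.g. `next(info(ATTRIBUTE, "port_type"), {"types": []})["types"]`, would cover it, assuming `types` is a list as the `+` implies. Separately, the module-level cache now holds a set while the first call returns a sorted list, so later calls that hit `if port_types: return port_types` hand back the unsorted set. Assigning `port_types = sorted(set(...))` and returning `port_types` keeps the return type and order stable across calls.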
For `semanage port -l` and `sepolicy network -t type`, show also ports which are not attributed with `port_type`. Such ports may exist in custom policies and even the attribute `port_type` may not be defined. This fixes the following error with `semanage port -l` (and similar error with `sepolicy network -t type`): Traceback (most recent call last): File "/usr/sbin/semanage", line 975, in <module> do_parser() File "/usr/sbin/semanage", line 947, in do_parser args.func(args) File "/usr/sbin/semanage", line 441, in handlePort OBJECT = object_dict['port'](args) ^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/seobject.py", line 1057, in __init__ self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"]) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^ IndexError: list index out of range Signed-off-by: Topi Miettinen <toiwoton@gmail.com> --- v5: fix from Petr Lautrbach v4: keep types found with attribute port_type for compatibility with types which are not portcons v3: use even better version, thanks to Petr Lautrbach v2: fix other cases and use better version courtesy of Petr Lautrbach --- python/semanage/semanage-bash-completion.sh | 2 +- python/semanage/seobject.py | 2 +- python/sepolicy/sepolicy-bash-completion.sh | 2 +- python/sepolicy/sepolicy/__init__.py | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-)