From: Nicolas Iooss
To: selinux@vger.kernel.org
Subject: [PATCH 1/2] python/semanage: explain why sepolicy is imported in a function
Date: Sat, 5 Jan 2019 16:45:50 +0100
Message-Id: <20190105154551.18768-1-nicolas.iooss@m4x.org>

Importing modules inside functions is quite uncommon in Python. This is
nevertheless required with sepolicy because it loads the current SELinux
policy when it is imported (and raises ValueError when this fails).

Signed-off-by: Nicolas Iooss
--- python/semanage/semanage | 1 + 1 file changed, 1 insertion(+) diff --git a/python/semanage/semanage b/python/semanage/semanage index 1cb136831422..49add51ec24e 100644 --- a/python/semanage/semanage +++ b/python/semanage/semanage 
@@ -83,6 +83,7 @@ class CheckRole(argparse.Action): if not newval: newval = [] try: + # sepolicy tries to load the SELinux policy and raises ValueError if it fails. import sepolicy roles = sepolicy.get_all_roles() except ValueError:
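
Review bot: the comment added above `import sepolicy` in CheckRole says what importing sepolicy does, but not that this is why the import sits inside the function instead of at module level, which is what the subject line promises. A later cleanup could still hoist the import to the top of the file. Consider wording such as "Import sepolicy here rather than at module level: importing it loads the SELinux policy and raises ValueError if that fails." Since the same `except ValueError:` also covers `sepolicy.get_all_roles()`, the comment could note that the handler is there for the import as well.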

From: Nicolas Iooss
To: selinux@vger.kernel.org
Subject: [PATCH 2/2] python/sepolgen: close /etc/selinux/sepolgen.conf after parsing it
Date: Sat, 5 Jan 2019 16:45:51 +0100
Message-Id: <20190105154551.18768-2-nicolas.iooss@m4x.org>
In-Reply-To: <20190105154551.18768-1-nicolas.iooss@m4x.org>
References: <20190105154551.18768-1-nicolas.iooss@m4x.org>

sepolgen testsuite reports the following warning on a system with
/etc/selinux/sepolgen.conf:

    .../src/./sepolgen/defaults.py:35: ResourceWarning: unclosed file <_io.TextIOWrapper name='/etc/selinux/sepolgen.conf' mode='r' encoding='UTF-8'>

Fix this by properly closing the file in PathChooser.__init__().

Signed-off-by: Nicolas Iooss
--- python/sepolgen/src/sepolgen/defaults.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/python/sepolgen/src/sepolgen/defaults.py b/python/sepolgen/src/sepolgen/defaults.py index 199acfafe4cf..533a90412475 100644 --- a/python/sepolgen/src/sepolgen/defaults.py +++ b/python/sepolgen/src/sepolgen/defaults.py 
@@ -32,12 +32,13 @@ class PathChooser(object): self.config_pathname = pathname ignore = re.compile(r"^\s*(?:#.+)?$") consider = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$") - for lineno, line in enumerate(open(pathname)): - if ignore.match(line): continue - mo = consider.match(line) - if not mo: - raise ValueError("%s:%d: line is not in key = value format" % (pathname, lineno+1)) - self.config[mo.group(1)] = mo.group(2) + with open(pathname, "r") as fd: + for lineno, line in enumerate(fd): + if ignore.match(line): continue + mo = consider.match(line) + if not mo: + raise ValueError("%s:%d: line is not in key = value format" % (pathname, lineno+1)) + self.config[mo.group(1)] = mo.group(2) # We're only exporting one useful function, so why not be a function def __call__(self, testfilename, pathset="SELINUX_DEVEL_PATH"):
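
Review bot: in the rewritten loop of PathChooser.__init__(), every line of the body is re-indented anyway, so `enumerate(fd, 1)` would let the error message use `lineno` directly instead of `lineno+1`, and the carried-over one-liner `if ignore.match(line): continue` could be split across two lines. The `with` block also closes the file on the path where the ValueError for a malformed line is raised, which the old `enumerate(open(pathname))` form left to garbage collection; the commit message could mention that alongside the ResourceWarning.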