From f33e40265d192e5d725e7b82e5f14f603e1fba48 Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Wed, 19 Oct 2022 14:20:11 -0400
Subject: [PATCH] python: Do not query the local database if the fcontext is
non-local
Vit Mojzis reports that an error message is produced when modifying
a non-local fcontext.
He gives the following example:
# semanage fcontext -f f -m -t passwd_file_t /etc/security/opasswd
libsemanage.dbase_llist_query: could not query record value (No such file or directory).
When modifying an fcontext, the non-local database is checked for the
key and then, if it is not found there, the local database is checked.
If the key doesn't exist, then an error is raised. If the key exists
then the local database is queried first and, if that fails, the non-
local database is queried.
The error is from querying the local database when the fcontext is in
the non-local database.
Instead, if the fcontext is in the non-local database, just query
the non-local database. Only query the local database if the
fcontext was found in it.
Reported-by: Vit Mojzis <vmojzis@redhat.com>
Signed-off-by: James Carter <jwcart2@gmail.com>
---
python/semanage/seobject.py | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index 70ebfd08..0e923a0d 100644
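--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -2490,16 +2490,19 @@ class fcontextRecords(semanageRecords):
 (rc, exists) = semanage_fcontext_exists(self.sh, k)
 if rc < 0:
 raise ValueError(_("Could not check if file context for %s is defined") % target)
- if not exists:
+ if exists:
+ try:
+ (rc, fcontext) = semanage_fcontext_query(self.sh, k)
+ except OSError:
+ raise ValueError(_("Could not query file context for %s") % target)
+ else:
 (rc, exists) = semanage_fcontext_exists_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if file context for %s is defined") % target)
 if not exists:
 raise ValueError(_("File context for %s is not defined") % target)
-
- try:
- (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
- except OSError:
 try:
- (rc, fcontext) = semanage_fcontext_query(self.sh, k)
+ (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
 except OSError:
 raise ValueError(_("Could not query file context for %s") % target)
 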
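Review bot: When a key is present in both databases, the new `if exists:` branch reads the record from the non-local database and never consults the local one, whereas the removed code tried `semanage_fcontext_query_local` first. If the lines after this hunk use `fcontext` as the starting point for the modification, fields not given on the command line (type, MLS range) would come from the policy record rather than from the administrator's existing local customization, which could silently reset a label override. Checking `semanage_fcontext_exists_local` first and falling back to the non-local lookup only when it finds nothing would keep the old precedence and still avoid querying a database that lacks the key. The enclosing method starts and ends outside the hunk, so the later use of `fcontext` and the indentation of the fragment below need checking against the full file.

```python
# Prefer an existing local customization; fall back to the policy record.
(rc, exists_local) = semanage_fcontext_exists_local(self.sh, k)
if rc < 0:
    raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists_local:
    query = semanage_fcontext_query_local
else:
    (rc, exists) = semanage_fcontext_exists(self.sh, k)
    if rc < 0:
        raise ValueError(_("Could not check if file context for %s is defined") % target)
    if not exists:
        raise ValueError(_("File context for %s is not defined") % target)
    query = semanage_fcontext_query
try:
    (rc, fcontext) = query(self.sh, k)
except OSError:
    raise ValueError(_("Could not query file context for %s") % target)
```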
--
2.37.3