Blame SOURCES/0050-python-Do-not-query-the-local-database-if-the-fconte.patch

83e441
From f33e40265d192e5d725e7b82e5f14f603e1fba48 Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Wed, 19 Oct 2022 14:20:11 -0400
Subject: [PATCH] python: Do not query the local database if the fcontext is
 non-local

Vit Mojzis reports that an error message is produced when modifying
a non-local fcontext.

He gives the following example:
  # semanage fcontext -f f -m -t passwd_file_t /etc/security/opasswd
  libsemanage.dbase_llist_query: could not query record value (No such file or directory).

When modifying an fcontext, the non-local database is checked for the
key and then, if it is not found there, the local database is checked.
If the key doesn't exist, then an error is raised. If the key exists
then the local database is queried first and, if that fails, the non-
local database is queried.

The error is from querying the local database when the fcontext is in
the non-local database.

Instead, if the fcontext is in the non-local database, just query
the non-local database. Only query the local database if the
fcontext was found in it.

Reported-by: Vit Mojzis <vmojzis@redhat.com>
Signed-off-by: James Carter <jwcart2@gmail.com>
---
 python/semanage/seobject.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index 70ebfd08..0e923a0d 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -2490,16 +2490,19 @@ class fcontextRecords(semanageRecords):
         (rc, exists) = semanage_fcontext_exists(self.sh, k)
         if rc < 0:
             raise ValueError(_("Could not check if file context for %s is defined") % target)
-        if not exists:
+        if exists:
+            try:
+                (rc, fcontext) = semanage_fcontext_query(self.sh, k)
+            except OSError:
+                raise ValueError(_("Could not query file context for %s") % target)
+        else:
             (rc, exists) = semanage_fcontext_exists_local(self.sh, k)
+            if rc < 0:
+                raise ValueError(_("Could not check if file context for %s is defined") % target)
             if not exists:
                 raise ValueError(_("File context for %s is not defined") % target)
-
-        try:
-            (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
-        except OSError:
             try:
-                (rc, fcontext) = semanage_fcontext_query(self.sh, k)
+                (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
             except OSError:
                 raise ValueError(_("Could not query file context for %s") % target)
 
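Review bot: In the new `if exists:` branch, a key that is present in both databases is now answered by semanage_fcontext_query alone, whereas the removed lines tried semanage_fcontext_query_local first. The commit message says the local database should be queried "if the fcontext was found in it", but semanage_fcontext_exists_local is only reached in the `else:` branch, so a local record is never consulted once the non-local lookup succeeds. If non-local precedence is intended for keys present in both, state that in a comment above `if exists:`; otherwise check the local database first and fall back to the non-local query. Separately, `rc` from both query calls is assigned but not tested in the visible lines, unlike the two exists calls; either test `rc < 0` there as well or note that failure is signalled only through OSError.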
-- 
2.37.3