On 11/08/2016 08:34 AM, Stephen Smalley wrote:
> On 11/07/2016 06:09 PM, Laurent Bigonville wrote:
>> Le 07/11/16 à 22:13, Stephen Smalley a écrit :
>>> On 11/07/2016 03:01 AM, Laurent Bigonville wrote:
>>>> From: Laurent Bigonville <bigon@xxxxxxxx>
>>>>
>>>> sepolicy.info() now returns a generator, use next() to get the results.
>>> This breaks sandbox for me,
>>> $ /usr/bin/sandbox -X firefox
>>> Traceback (most recent call last):
>>> File "/usr/bin/sandbox", line 529, in <module>
>>> rc = sandbox.main()
>>> File "/usr/bin/sandbox", line 513, in main
>>> self.__parse_options()
>>> File "/usr/bin/sandbox", line 308, in __parse_options
>>> """) % "\n\t".join(next(sepolicy.info(sepolicy.ATTRIBUTE,
>>> "sandbox_type"))['types'])
>>> TypeError: list object is not an iterator
>>
>> Which version of python and setools are you using?
>
> I have installed setools4 from source, both running setup.py via python
> and via python3 to install it for python 2.7 and python 3.5 (both are
> installed on Fedora, with python referencing 2.7 by default). I have
> likewise built and installed the selinux userspace with PYTHON=python
> and with PYTHON=python3. I have tried running sandbox via python and via
> python3, and it yields the same exception in both cases with your patch,
> and works fine without your patch.
Ok, I forcibly removed the Fedora setools* packages (which also
uninstalled policycoreutils) and built and installed setools4 and
policycoreutils from upstream source again. Now I do not get that
exception with your patch, but it also works fine without your patch - I
see no difference in behavior. Not sure what I am missing.
>
>>>
>>>> Signed-off-by: Laurent Bigonville <bigon@xxxxxxxx>
>>>> ---
>>>> policycoreutils/sandbox/sandbox | 8 ++++----
>>>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>>>
>>>> diff --git a/policycoreutils/sandbox/sandbox
>>>> b/policycoreutils/sandbox/sandbox
>>>> index 4010e83..c07a1d8 100644
>>>> --- a/policycoreutils/sandbox/sandbox
>>>> +++ b/policycoreutils/sandbox/sandbox
>>>> @@ -305,8 +305,8 @@ kill -TERM $WM_PID 2> /dev/null
>>>> types = _("""
>>>> Policy defines the following types for use with the -t:
>>>> \t%s
>>>> -""") % "\n\t".join(list(sepolicy.info(sepolicy.ATTRIBUTE,
>>>> "sandbox_type"))[0]['types'])
>>>> - except RuntimeError:
>>>> +""") % "\n\t".join(next(sepolicy.info(sepolicy.ATTRIBUTE,
>>>> "sandbox_type"))['types'])
>>>> + except StopIteration:
>>>> pass
>>>> usage = _("""
>>>> @@ -380,8 +380,8 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T
>>>> tempdir]] [-I includefile ] [-
>>>> self.setype = DEFAULT_X_TYPE
>>>> else:
>>>> try:
>>>> - sepolicy.info(sepolicy.TYPE, "sandbox_t")
>>>> - except RuntimeError:
>>>> + next(sepolicy.info(sepolicy.TYPE, "sandbox_t"))
>>>> + except StopIteration:
>>>> raise ValueError(_("Sandbox Policy is not currently
>>>> installed.\nYou need to install the selinux-policy-sandbox package in
>>>> order to run this command"))
>>>> if self.__options.setype:
>>>>
>>
>> _______________________________________________
>> Selinux mailing list
>> Selinux@xxxxxxxxxxxxx
>> To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
>> To get help, send an email containing "help" to
>> Selinux-request@xxxxxxxxxxxxx.
>>
>
> _______________________________________________
> Selinux mailing list
> Selinux@xxxxxxxxxxxxx
> To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
> To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
>
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
