On Mon, Jul 9, 2018 at 8:29 PM, Vit Mojzis <vmojzis@xxxxxxxxxx> wrote:
>
> Test if audit module is enabled so that logger class is defined
> correctly.
>
> Fixes:
> "semanage fcontext -l" fails with "OSError: Protocol not supported" when
> booting with audit=0
>
> Signed-off-by: Vit Mojzis <vmojzis@xxxxxxxxxx>
> ---
> python/semanage/seobject.py | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
> index e5c81a7d..29b4afe0 100644
> --- a/python/semanage/seobject.py
> +++ b/python/semanage/seobject.py
> @@ -101,6 +101,8 @@ ftype_to_audit = {"": "any",
>
> try:
> import audit
> + #test if audit module is enabled
> + audit.audit_close(audit.audit_open())
>
> class logger:
>
This looks good to me (Ack). For future reference, I was wondering
whether audit.audit_open() returns -1 or raises an exception if it
fails to open the audit log, and found the answer in audit's source
code (it raises an OSError, as expected [1], so the new code is fine).
While reviewing your patch, I encountered the bare "except:" right
after the definition of class logger. The exceptions which cause the
use of the fail-over logger class are not explicitly written and this
could cause issues, for example when someone tries to interrupt the
program with Ctrl-C while the code executes. Would it be possible to
replace this "except:" with "except ImportError, OSError:"? (This
could be done in another patch).
Thanks,
Nicolas
[1] https://github.com/linux-audit/audit-userspace/blob/v2.8.4/bindings/swig/src/auditswig.i#L27-L33)
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
