Re: [PATCH] python/semanage/seobject: Fix listing boolean values

Nicolas Iooss <nicolas.iooss@xxxxxxx> · Wed, 6 Feb 2019 22:10:13 +0100

On Fri, Feb 1, 2019 at 5:49 PM Vit Mojzis <vmojzis@xxxxxxxxxx> wrote:
>
> Fix gathering boolean values by fixing always False if condition
> (determining whether the values are listed from local store).
>
> Fix listing boolean values by printing the correct values and not
> forcing the use of security_get_boolean_active (which causes
> crash when listing booleans that are not present in active policy).
>
> Fixes:
>     # dnf install selinux-policy-mls
>     # cat > mypolicy.cil
>     (boolean xyz false)
>
>     # semodule -i mypolicy.cil -s mls
>
>     # semanage boolean -l -S mls
>     ...
>     irssi_use_full_network         (off  ,  off)  Allow the Irssi IRC Client to connect to any port, and to bind to any unreserved port.
>     mozilla_plugin_use_bluejeans   (off  ,  off)  Allow mozilla plugin to use Bluejeans.
>     OSError: No such file or directory
>
> Signed-off-by: Vit Mojzis <vmojzis@xxxxxxxxxx>

I confirm this fixes the issue and I merged this patch. Thanks!

Nicolas

> ---
>  python/semanage/seobject.py | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
> index 556d3ba5..b31a90c1 100644
> --- a/python/semanage/seobject.py
> +++ b/python/semanage/seobject.py
> @@ -2807,7 +2807,7 @@ class booleanRecords(semanageRecords):
>              value = []
>              name = semanage_bool_get_name(boolean)
>              value.append(semanage_bool_get_value(boolean))
> -            if self.modify_local and boolean in self.current_booleans:
> +            if self.modify_local and name in self.current_booleans:
>                  value.append(selinux.security_get_boolean_pending(name))
>                  value.append(selinux.security_get_boolean_active(name))
>              else:
> @@ -2849,4 +2849,4 @@ class booleanRecords(semanageRecords):
>              print("%-30s %s  %s %s\n" % (_("SELinux boolean"), _("State"), _("Default"), _("Description")))
>          for k in sorted(ddict.keys()):
>              if ddict[k]:
> -                print("%-30s (%-5s,%5s)  %s" % (k, on_off[selinux.security_get_boolean_active(k)], on_off[ddict[k][2]], self.get_desc(k)))
> +                print("%-30s (%-5s,%5s)  %s" % (k, on_off[ddict[k][2]], on_off[ddict[k][0]], self.get_desc(k)))
> --
> 2.17.2
>