On Thu, Sep 26, 2019 at 2:52 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > Fixes: https://github.com/SELinuxProject/selinux/issues/61 > Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx> > --- > python/sepolicy/sepolicy/interface.py | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py > index 583091ae18aa..b1b39a492d73 100644 > --- a/python/sepolicy/sepolicy/interface.py > +++ b/python/sepolicy/sepolicy/interface.py > @@ -196,7 +196,7 @@ def get_xml_file(if_file): > from subprocess import getstatusoutput > basedir = os.path.dirname(if_file) + "/" > filename = os.path.basename(if_file).split(".")[0] > - rc, output = getstatusoutput("python /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename) > + rc, output = getstatusoutput("/usr/bin/python3 /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename) > if rc != 0: > sys.stderr.write("\n Could not proceed selected interface file.\n") > sys.stderr.write("\n%s" % output) Considering that Python's "command" module was removed in Python 3 (according to https://docs.python.org/2/library/commands.html), and that Python 3's subprocess.getstatusoutput() supports using a list of arguments instead of a string, it seems better to change this code to something like: from subprocess import getstatusoutput basedir = os.path.dirname(if_file) filename = os.path.basename(if_file).split(".")[0] rc, output = getstatusoutput(["python3", "/usr/share/selinux/devel/include/support/segenxml.py", "-w", "-m", os.path.join(basedir, filename)]) The code that I suggest is not compatible with Python 2 (which does not support using list of arguments). Therefore, doing so makes sepolicy really Python-3 only. I do not consider this to be an issue, but others may prefer to wait for 3.0 to be released before dropping support for Python 2 completely. By the way, the current code is quite misleading because ("%s" % a + b) is interpreted as (("%s" % a) + b), not ("%s" % (a + b)). Thankfully the "%s" is at the end of the format string, but if you want to keep Python 2 compatibility, I suggest adding parentheses somewhere. Nicolas
